CVE-2024-7943
Description
A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. This issue affects the function upload of the file PropertiesController.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CWE
- CWE-434 — CWE-434 Unrestricted Upload
Affected
- itsourcecode / Laravel Property Management System — v=1.0 [affected]
CVSS
- 4.0 score=5.3 severity=MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N - 3.1 score=6.3 severity=MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - 3.0 score=6.3 severity=MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - 2.0 score=6.5 severity=
AV:N/AC:L/Au:S/C:P/I:P/A:P
References
- https://vuldb.com/?id.275135 vdb-entry, technical-description
- https://vuldb.com/?ctiid.275135 signature, permissions-required
- https://vuldb.com/?submit.393371 third-party-advisory
- https://github.com/DeepMountains/zzz/blob/main/CVE2-1.md exploit
Source
cvelistV5-main/cves/2024/7xxx/CVE-2024-7943.json