Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Real Estate Property Listing App by SourceCodester

    CVE-2025-14530 (GCVE-0-2025-14530)

    Vulnerability from nvd – Published: 2025-12-11 17:32 – Updated: 2025-12-11 19:35 X_Freeware
    VLAI
    Title
    SourceCodester Real Estate Property Listing App property.php unrestricted upload
    Summary
    A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.335871 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.335871 signaturepermissions-required
    https://vuldb.com/?submit.703238 third-party-advisory
    https://github.com/zzdzz7/cve/issues/2 broken-linkexploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Credits
    zzdzz (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14530",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T19:18:47.772081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T19:35:41.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/zzdzz7/cve/issues/2"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Real Estate Property Listing App",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zzdzz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T17:32:20.008Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-335871 | SourceCodester Real Estate Property Listing App property.php unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.335871"
            },
            {
              "name": "VDB-335871 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.335871"
            },
            {
              "name": "Submit #703238 | SourceCodester Real Estate Property Listing App Using PHP and MySQL with Source Code 1 Unrestricted Upload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.703238"
            },
            {
              "tags": [
                "broken-link",
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/zzdzz7/cve/issues/2"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-11T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-11T10:19:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Real Estate Property Listing App property.php unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14530",
        "datePublished": "2025-12-11T17:32:20.008Z",
        "dateReserved": "2025-12-11T09:14:16.383Z",
        "dateUpdated": "2025-12-11T19:35:41.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14530 (GCVE-0-2025-14530)

    Vulnerability from cvelistv5 – Published: 2025-12-11 17:32 – Updated: 2025-12-11 19:35 X_Freeware
    VLAI
    Title
    SourceCodester Real Estate Property Listing App property.php unrestricted upload
    Summary
    A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.335871 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.335871 signaturepermissions-required
    https://vuldb.com/?submit.703238 third-party-advisory
    https://github.com/zzdzz7/cve/issues/2 broken-linkexploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Credits
    zzdzz (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14530",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T19:18:47.772081Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T19:35:41.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/zzdzz7/cve/issues/2"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Real Estate Property Listing App",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zzdzz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T17:32:20.008Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-335871 | SourceCodester Real Estate Property Listing App property.php unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.335871"
            },
            {
              "name": "VDB-335871 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.335871"
            },
            {
              "name": "Submit #703238 | SourceCodester Real Estate Property Listing App Using PHP and MySQL with Source Code 1 Unrestricted Upload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.703238"
            },
            {
              "tags": [
                "broken-link",
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/zzdzz7/cve/issues/2"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-11T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-11T10:19:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Real Estate Property Listing App property.php unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14530",
        "datePublished": "2025-12-11T17:32:20.008Z",
        "dateReserved": "2025-12-11T09:14:16.383Z",
        "dateUpdated": "2025-12-11T19:35:41.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }