← volver
CVE-2025-14900

CodeAstro Real Estate Management System Administrator Endpoint userdelete.php sql injection

CVSS 5.1 MEDIUMEPSS 0.4%CWE-74CWE-89
A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /admin/userdelete.php of the component Administrator Endpoint. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
CodeAstro · Real Estate Management System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://codeastro.com/https://github.com/YZS17/CVE/blob/main/CodeAstro_Real_Estate_Management_System/userdelete-sqli.mdhttps://vuldb.com/?ctiid.337425https://vuldb.com/?id.337425https://vuldb.com/?submit.715672