CVE-2025-14900

CodeAstro Real Estate Management System Administrator Endpoint userdelete.php sql injection

CVSS 5.1 MEDIUMEPSS 0.4%CWE-74 CWE-89

A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /admin/userdelete.php of the component Administrator Endpoint. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

CodeAstro · Real Estate Management System

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://codeastro.com/https://github.com/YZS17/CVE/blob/main/CodeAstro_Real_Estate_Management_System/userdelete-sqli.md https://vuldb.com/?ctiid.337425 https://vuldb.com/?id.337425 https://vuldb.com/?submit.715672