CVE Details
Basic Information
| Title | code-projects Real Estate Property Management System NewsReport.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-06T01:00:21.501Z |
| Last Seen |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Real Estate Property Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical SQL injection vulnerability exists in the Real Estate Property Management System 1.0 by code-projects. The vulnerability is located in the /Admin/NewsReport.php file and can be exploited by manipulating the txtFrom argument, allowing remote attackers to execute arbitrary SQL commands. The exploit is publicly available and can be used to compromise the system. |
|---|---|
| AI Severity | High |
| Vendor | code-projects |
| Product | Real Estate Property Management System |
| Affected Version | 1.0 |
Affected Products
- code-projects Real Estate Property Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /Admin/NewsReport.php. The manipulation of the argument txtFrom leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.