CVE Details
Basic Information
| Title | ScriptAndTools Real Estate Management System User Delete userdelete.php authorization |
|---|---|
| Type | cve |
| Published | 2025-06-20T09:31:07.446Z |
| Last Seen |
Product Information
| Vendor | ScriptAndTools |
|---|---|
| Product | Real Estate Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A vulnerability in the ScriptAndTools Real Estate Management System allows remote attackers to bypass authorization by manipulating the ID argument in userdelete.php. This could lead to unauthorized user deletions. |
|---|---|
| AI Severity | Medium |
| Vendor | ScriptAndTools |
| Product | Real Estate Management System |
| Affected Version | 1.0 |
Affected Products
- ScriptAndTools Real Estate Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-639, CWE-285 |
| Bulletin Family |
References
Description
A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component User Delete Handler. The manipulation of the argument ID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.