CVE-2025-1374

A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /search.php. The manipulation of the argument StateName/CityName/AreaName/CatId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://code-projects.org/ Product
https://github.com/1337g/realestatepropertymanagement_poc/blob/main/sql-gu2.pdf Exploit Third Party Advisory
https://vuldb.com/?ctiid.295983 Permissions Required VDB Entry
https://vuldb.com/?id.295983 Third Party Advisory VDB Entry
https://vuldb.com/?submit.499767 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:fabianros:real_estate_property_management_system:1.0:*:*:*:*:*:*:*

History

24 Feb 2025, 12:39

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en code-projects Real Estate Property Management System 1.0. Afecta a una parte desconocida del archivo /search.php. La manipulación del argumento StateName/CityName/AreaName/CatId provoca una inyección SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://github.com/1337g/realestatepropertymanagement_poc/blob/main/sql-gu2.pdf - () https://github.com/1337g/realestatepropertymanagement_poc/blob/main/sql-gu2.pdf - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.295983 - () https://vuldb.com/?ctiid.295983 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.295983 - () https://vuldb.com/?id.295983 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.499767 - () https://vuldb.com/?submit.499767 - Third Party Advisory, VDB Entry
First Time Fabianros
Fabianros real Estate Property Management System
CPE cpe:2.3:a:fabianros:real_estate_property_management_system:1.0:*:*:*:*:*:*:*

17 Feb 2025, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-17 04:15

Updated : 2025-02-24 12:39


NVD link : CVE-2025-1374

Mitre link : CVE-2025-1374

CVE.ORG link : CVE-2025-1374


JSON object : View

Products Affected

fabianros

  • real_estate_property_management_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')