CVE-2020-24202

Published: Aug 27, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution.

Affected (1)

Products: Projectworlds: House Rental And Property Listing Project

Projectworlds

1 product

House Rental And Property Listing Project

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Projectworlds House Rental And Property Listing Project	Version 1.0

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://github.com/hyd3sec/HouseRental_Unauth_RCE/blob/master/HouseRentalRCE.py

Source: cve@mitre.org

ExploitThird Party Advisory

https://projectworlds.in/free-projects/php-projects/house-rental-and-property-listing-project-php-mysql/

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/hyd3sec/HouseRental_Unauth_RCE/blob/master/HouseRentalRCE.py

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://projectworlds.in/free-projects/php-projects/house-rental-and-property-listing-project-php-mysql/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.