PT-2026-1547 · Projectworlds · House Rental/Property Listing

1Uzpk

Publicado

2026-01-06

Atualizado

2026-01-07

CVE-2026-0643

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions projectworlds House Rental and Property Listing version 1.0

Description A flaw exists in projectworlds House Rental and Property Listing that allows for unrestricted file upload through manipulation of the image argument in the file '/app/register.php?action=reg' within the Signup component. This manipulation occurs in an unknown function. Remote exploitation is possible, and an exploit has been published.

Recommendations Apply restrictions to the file upload functionality within the Signup component. Disable or restrict access to the /app/register.php?action=reg endpoint.

Exploit

Correção

Unrestricted File Upload

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434CWE-284

Identificadores relacionados

CVE-2026-0643

Produtos afetados

House Rental/Property Listing

PT-2026-1547 · Projectworlds · House Rental/Property Listing

CVE-2026-0643

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8