PT-2022-17083 · Unknown · Home Owners Collection Management System

Published: 2022-03-02 · Updated: 2022-03-14 · CVE-2022-25115

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Home Owners Collection Management System version 1.0

Description: A remote code execution issue exists due to a vulnerability in the Avatar parameter under the "/admin/?page=user/manage user" API endpoint. This allows attackers to execute arbitrary code by submitting a crafted PNG file.

Recommendations: For Home Owners Collection Management System version 1.0, avoid using the Avatar parameter in the "/admin/?page=user/manage user" API endpoint until a fix is available. Consider restricting access to this endpoint to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-25115

Affected Products

Home Owners Collection Management System