PT-2024-31977 · Unknown · Best House Rental Management System

Gaorenyusi

Published

2024-09-18

Updated

2024-09-20

CVE-2024-46376

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Best House Rental Management System version 1.0

Description The issue concerns an arbitrary file upload vulnerability. This vulnerability is located in the update account() function of the file rental/admin class.php.

Recommendations For Best House Rental Management System version 1.0, consider disabling the update account() function until a patch is available to prevent exploitation of the arbitrary file upload vulnerability. Restrict access to the rental/admin class.php file to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2024-46376

Affected Products

Best House Rental Management System

PT-2024-31977 · Unknown · Best House Rental Management System

CVE-2024-46376

Weakness Enumeration

Related Identifiers

Affected Products

References · 5