CVE-2024-7944

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-7944
A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been classified as critical. Affected is the function UpdateDocumentsRequest of the file DocumentsController.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://vuldb.com/?id.275136 Third Party Advisory
https://vuldb.com/?ctiid.275136 Permissions Required
https://vuldb.com/?submit.393372 Issue Tracking
https://github.com/DeepMountains/zzz/blob/main/CVE2-2.md Technical Description
Configurations

Configuration 1 (hide)

cpe:2.3:a:adonesevangelista:laravel_property_management_system:1.0:*:*:*:*:*:*:*
History

21 Aug 2024, 15:24

Type Values Removed Values Added
First Time Adonesevangelista laravel Property Management System
Adonesevangelista
References () https://vuldb.com/?ctiid.275136 - () https://vuldb.com/?ctiid.275136 - Permissions Required
References () https://github.com/DeepMountains/zzz/blob/main/CVE2-2.md - () https://github.com/DeepMountains/zzz/blob/main/CVE2-2.md - Technical Description
References () https://vuldb.com/?submit.393372 - () https://vuldb.com/?submit.393372 - Issue Tracking
References () https://vuldb.com/?id.275136 - () https://vuldb.com/?id.275136 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:adonesevangelista:laravel_property_management_system:1.0:*:*:*:*:*:*:*

20 Aug 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-20 02:15

Updated : 2024-08-21 15:24

NVD link : CVE-2024-7944

Mitre link : CVE-2024-7944

JSON object : View

Products Affected

adonesevangelista

  • laravel_property_management_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type