CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3806 – SourceCodester House Rental and Property Listing System btn_functions.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-3806
A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Affected is an unknown function of the file btn_functions.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GZRsecurity/Cve-System/blob/main/House%20Rental%20and%20Property%20Listing%20System%20register.php%20has%20%20File%20Upload(RCE)%20Vulnerability.pdf https://vuldb.com/?ctiid.235074 https://vuldb.com/?id.235074 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-25790
https://notcve.org/view.php?id=CVE-2021-25790
Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number. Múltiples vulnerabilidades de tipo cross site scripting (XSS) almacenadas en el módulo "Register" de House Rental and Property Listing versión 1.0, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de cargas útiles diseñadas en todos los campos de texto excepto en Phone Number y Alternate Phone Number • https://github.com/MrCraniums/CVE-2021-25790-Multiple-Stored-XSS https://www.exploit-db.com/exploits/49352 https://www.sourcecodester.com https://www.sourcecodester.com/php/14649/house-rental-and-property-listing-php-full-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •