CVE-2024-13212
SingMR HouseRent AddHouseController.java upload unrestricted upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Es wurde eine Schwachstelle in SingMR HouseRent 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion singleUpload/upload der Datei src/main/java/com/house/wym/controller/AddHouseController.java. Durch Beeinflussen des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2025-01-08 CVE Reserved
- 2025-01-09 CVE Published
- 2025-01-09 CVE Updated
- 2025-01-09 EPSS Updated
- 2025-01-09 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://github.com/SingMR/HouseRent/issues/13 | Issue Tracking | |
| https://vuldb.com/?id.290817 | Technical Description | |
| https://vuldb.com/?submit.471441 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/SingMR/HouseRent/issues/13#issue-2762125363 | 2025-01-09 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|