VDB-290817 · CVE-2024-13212 · GCVE-100-290817

SingMR HouseRent 1.0 AddHouseController.java singleUpload/upload Fayiro ebisanyizo ebyongerwako

Waliwo obulabe obwategekeddwa nga ekikulu nnyo obuzuliddwa mu SingMR HouseRent 1.0. Obulabe buli ku omugaso singleUpload/upload ku fayiro src/main/java/com/house/wym/controller/AddHouseController.java. Okukozesa ku lugero Fayiro kivirako ebisanyizo ebyongerwako. Okukozesa CWE okulaga ekizibu kireetera CWE-434. Obunafu buno bwateekebwawo ku 08/01/2025 nga HouseRent allows arbitrary file uploads #13. Ekiteeso kino kisangibwa ku mukutu ogusobola okuddownloadinga ku github.com. Obunafu buno buzibwa nga CVE-2024-13212. Kisoboka okutandika okukola attack okuva wala. Obulambulukufu bw'eby'ekikugu buliwo. Okuddamu, waliwo ekikozesebwa ekiriwo. Ekikozesebwa kyamanyiddwa mu bantu era kisobola okukozesebwa. Mu kiseera kino, omutengo ogw’akaseera ku kikozesebwa kiyinza okuba nga giri mu USD $0-$5k mu kiseera kino. Kitegekeddwa nga ebikakasa eby'okukakasa obusobozi. Kisoboka okuddownloadinga exploit ku github.com. Ng’era 0-day, omuwendo ogusabibwa mu kifo ky’obutali mu mateeka gwali nga wa ddala $0-$5k. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

4 Okukyuusa · 99 Obubonero bw'ebikwata ku byuma

Ekibanja	Kikolebwa 08/01/2025 17:59	Okukozesa enkola empya 1/3 09/01/2025 13:53	Okukozesa enkola empya 2/3 09/01/2025 14:56	Okukozesa enkola empya 3/3 15/10/2025 23:09
software_vendor	SingMR	SingMR	SingMR	SingMR
software_name	HouseRent	HouseRent	HouseRent	HouseRent
software_version	1.0	1.0	1.0	1.0
software_file	src/main/java/com/house/wym/controller/AddHouseController.java	src/main/java/com/house/wym/controller/AddHouseController.java	src/main/java/com/house/wym/controller/AddHouseController.java	src/main/java/com/house/wym/controller/AddHouseController.java
software_function	singleUpload/upload	singleUpload/upload	singleUpload/upload	singleUpload/upload
software_argument	file	file	file	file
vulnerability_cwe	CWE-434 (ebisanyizo ebyongerwako)	CWE-434 (ebisanyizo ebyongerwako)	CWE-434 (ebisanyizo ebyongerwako)	CWE-434 (ebisanyizo ebyongerwako)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_identifier	HouseRent allows arbitrary file uploads #13	HouseRent allows arbitrary file uploads #13	HouseRent allows arbitrary file uploads #13	HouseRent allows arbitrary file uploads #13
advisory_url	https://github.com/SingMR/HouseRent/issues/13	https://github.com/SingMR/HouseRent/issues/13	https://github.com/SingMR/HouseRent/issues/13	https://github.com/SingMR/HouseRent/issues/13
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/SingMR/HouseRent/issues/13#issue-2762125363	https://github.com/SingMR/HouseRent/issues/13#issue-2762125363	https://github.com/SingMR/HouseRent/issues/13#issue-2762125363	https://github.com/SingMR/HouseRent/issues/13#issue-2762125363
source_cve	CVE-2024-13212	CVE-2024-13212	CVE-2024-13212	CVE-2024-13212
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	7.1
cvss3_meta_tempscore	5.7	6.0	6.0	6.9
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1736290800 (08/01/2025)	1736290800 (08/01/2025)	1736290800 (08/01/2025)	1736290800 (08/01/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		L	L	L
cvss4_cna_ui		N	N	N
cvss4_cna_vc		L	L	L
cvss4_cna_vi		L	L	L
cvss4_cna_va		L	L	L
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.3	5.3	5.3
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		L	L	L
cvss3_cna_i		L	L	L
cvss3_cna_a		L	L	L
cvss3_cna_basescore		6.3	6.3	6.3
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		P	P	P
cvss2_cna_ii		P	P	P
cvss2_cna_ai		P	P	P
cvss2_cna_basescore		6.5	6.5	6.5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad clasificada como crítica en SingMR HouseRent 1.0. Afecta a la función singleUpload/upload del archivo src/main/java/com/house/wym/controller/AddHouseController.java. La manipulación del archivo de argumentos provoca una carga sin restricciones. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.	Se ha encontrado una vulnerabilidad clasificada como crítica en SingMR HouseRent 1.0. Afecta a la función singleUpload/upload del archivo src/main/java/com/house/wym/controller/AddHouseController.java. La manipulación del archivo de argumentos provoca una carga sin restricciones. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				8.8

◂ Ddaabayo Okusaba Kw'ebintu Byonna Genda mu maaso ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!