CVE-2022-25115: CVE-nu11secur1ty/vendors/oretnom23/2022/Home-Owners-Collection-Management at main · nu11secur1ty/CVE-nu11secur1ty

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file.


Home Owners Collection Management

Vendor

Description:

Home Owners Collection Management System 1.0 is vulnerable to RCE. An employee or user who requests an administrative or other type of account can upload dangerous RCE code and use it to manipulate the system; the impact depends on the malicious scenario. This is CRITICAL for the owner of this system! The application does not correctly sanitize the file extension when a user uploads a new profile picture.

Status: CRITICAL
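The missing control described above, sketched as a server-side avatar check. This is an added example, not code from the advisory or from the affected project. It is written in Python as an assumption, and `validate_avatar`, `make_png` and the marker list are hypothetical names and values; the sample PNG is constructed.

```python
import secrets
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
ALLOWED_EXTENSIONS = {".png"}  # assumption: avatars are accepted as PNG only
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script", b"<%")  # heuristic, not exhaustive

def make_png(extra_chunks=(), trailer=b""):
    """Build a constructed 1x1 grayscale PNG used as sample input."""
    def chunk(ctype, data):
        crc = zlib.crc32(ctype + data)
        return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)
    body = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    body += b"".join(chunk(t, d) for t, d in extra_chunks)
    body += chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b"")
    return PNG_SIGNATURE + body + trailer

def validate_avatar(filename, data):
    """Return (ok, reason, stored_name); stored_name is never derived from the client."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    if ext not in ALLOWED_EXTENSIONS:  # only the final extension counts
        return False, "extension not allowed", None
    if not data.startswith(PNG_SIGNATURE):
        return False, "not a PNG", None
    pos, seen_iend = len(PNG_SIGNATURE), False
    while pos < len(data):  # walk every chunk: length, type, payload, CRC
        if seen_iend:
            return False, "data after IEND", None
        if pos + 12 > len(data):
            return False, "truncated chunk", None
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return False, "truncated chunk", None
        payload = data[pos + 8:end - 4]
        if struct.unpack(">I", data[end - 4:end])[0] != zlib.crc32(ctype + payload):
            return False, "bad CRC", None
        # IDAT is compressed pixel data; scan only the other chunks for script text
        if ctype != b"IDAT" and any(m in payload.lower() for m in SCRIPT_MARKERS):
            return False, "script marker in chunk " + ctype.decode("latin-1"), None
        seen_iend = ctype == b"IEND"
        pos = end
    if not seen_iend:
        return False, "missing IEND", None
    # Store under a random name with a fixed extension, outside any script-executing path
    return True, "ok", secrets.token_hex(16) + ".png"
```

The marker scan is only a heuristic. The controls that stop an uploaded file from being executed are the extension allowlist, the server-generated file name, and a storage location the web server does not treat as executable.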

Reproduce:

href

Proof and Exploit:

href
