MooseLoveti / RealEstate-PHP-CVE-Report

Disclosure for CVE-2025-50716 to CVE-2025-50721

Repository from Github https://github.com/MooseLoveti/RealEstate-PHP-CVE-Report

Multiple Vulnerabilities in RealEstate-PHP v1.0

CVE-2025-50716 ~ CVE-2025-50721: Vulnerabilities in RealEstate-PHP v1.0

This repository discloses multiple vulnerabilities discovered in RealEstate-PHP v1.0, a PHP-based property listing management system developed by CodeAstro.

🛠 Affected Version


🔒 Assigned CVEs

| CVE ID | Type | Component | Impact |
| --- | --- | --- | --- |
| CVE-2025-50716 | Stored XSS | userlist.php | Admin session hijack |
| CVE-2025-50717 | SQL Injection | admin/index.php | Admin login bypass |
| CVE-2025-50718 | SQL Injection | login.php | User login bypass |
| CVE-2025-50719 | Reflected XSS (POST) | calc.php | Arbitrary script execution |
| CVE-2025-50720 | SQL Injection | propertydetail.php?pid | Data exposure |
| CVE-2025-50721 | Remote Code Execution | register.php | Arbitrary PHP execution |

🧾 Detailed Descriptions

CVE-2025-50716: Stored XSS in Admin Panel

  • Affected Component: userlist.php
  • Attack Vector: Register with a name/email like <script>alert(1)</script>
  • Trigger: Admin views the user list
  • Impact: Arbitrary JavaScript execution in admin browser
  • PoC:
    1. Register with Name: <script>alert(document.domain)</script>
    2. Admin logs into /admin/userlist.php
    3. Payload executes

CVE-2025-50717: SQL Injection in Admin Login

  • Affected Component: admin/index.php
  • Injection Point: auser field
  • Payload: ' OR 1=1 LIMIT 1 -- -
  • Impact: Admin authentication bypass

CVE-2025-50718: SQL Injection in User Login

  • Affected Component: login.php
  • Injection Point: email field
  • Payload:
    Email: test@example.com' OR 1=1 -- -
    Password: any
    
  • Impact: Unauthorized user access

CVE-2025-50719: Reflected XSS in Loan Calculator

  • Affected Component: calc.php
  • Attack Vector: POST request with JavaScript payload in any field
  • PoC:
    <form action="http://target-site/RealEstate-PHP/calc.php" method="POST">
      <input name="amount" value='"><script>alert(1)</script>' />
      <input name="month" value="12" />
      <input name="interest" value="2" />
      <input type="submit" />
    </form>
  • Impact: Script execution in user's browser

CVE-2025-50720: SQL Injection via pid Parameter

  • Affected Component: propertydetail.php
  • Payload:
    http://target/RealEstate-PHP/propertydetail.php?pid=1' OR 1=1 -- -
    
  • Impact: Dump all property records

CVE-2025-50721: Remote Code Execution via File Upload

  • Affected Component: register.php
  • Issue: Uploads .php disguised as .png
  • Technique:
    • Intercept file upload request using Burp Suite
    • Change filename in Content-Disposition to shell.php
  • Result:
    • File is saved to /admin/user/shell.php
    • Accessing it allows remote OS command execution
  • Reference: Exploit-DB #51840
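
A log check for the two issues above that leave a trace in the web server's access log (CVE-2025-50720 and CVE-2025-50721), added here as an example and not part of the original advisory. It assumes combined-format access logs and a numeric pid; the rule names, function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined" format: ip, timestamp, "METHOD target PROTO", status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Path taken from the advisory: uploaded files are stored under /admin/user/.
UPLOAD_DIR = "/admin/user/"
# Extensions commonly mapped to the PHP handler; also matches x.php/extra (PATH_INFO).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(/|$)", re.IGNORECASE)


def classify(line):
    """Return (rule, client_ip, status, target) findings for one log line."""
    m = LINE_RE.match(line)
    if not m:
        return []
    ip, _method, target, status = m.groups()
    url = urlsplit(target)
    path = unquote(url.path)
    findings = []
    # CVE-2025-50721: an upload directory should serve images, never scripts.
    if UPLOAD_DIR in path and SCRIPT_EXT.search(path):
        findings.append(("script-in-upload-dir", ip, int(status), target))
    # CVE-2025-50720: assumption - pid is a numeric record id, so any other
    # value (quotes, keywords, empty) is worth a look.
    if path.endswith("/propertydetail.php"):
        for pid in parse_qs(url.query, keep_blank_values=True).get("pid", []):
            if not re.fullmatch(r"[0-9]+", pid):
                findings.append(("non-numeric-pid", ip, int(status), target))
    return findings


def scan(lines):
    """Flatten the findings for an iterable of log lines."""
    return [f for line in lines for f in classify(line)]


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jul/2025:10:01:02 +0000] "GET /RealEstate-PHP/propertydetail.php?pid=24 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [17/Jul/2025:10:02:11 +0000] "GET /RealEstate-PHP/propertydetail.php?pid=1%27%20OR%201=1%20--%20- HTTP/1.1" 200 48211',
    '203.0.113.7 - - [17/Jul/2025:10:03:40 +0000] "GET /RealEstate-PHP/admin/user/photo.png HTTP/1.1" 200 20480',
    '198.51.100.9 - - [17/Jul/2025:10:05:13 +0000] "GET /RealEstate-PHP/admin/user/upload1.php?x=1 HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The login and calculator issues arrive in POST bodies, which a standard access log does not record, so this check does not cover them.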

🗓 Disclosure Timeline

| Date | Event |
| --- | --- |
| 2024-05-02 | Attempted to contact vendor (support@codeastro.com) – no response |
| 2025-07-17 | CVE-2025-50716–50721 assigned by MITRE |
| 2025-07-17 | This public advisory published |

🔍 Discoverer

Name: MooseLove
Role: Independent security researcher / bug hunter
Contact: Available upon request
PGP: Provided to MITRE during CVE request


📚 References


⚠️ License

This advisory is provided for public security awareness. Free to share with attribution.
