What the vulnerability does
01Description
Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files.This issue affects Real Homes CRM: from n/a through <= 1.0.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
What the vulnerability does
Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files.This issue affects Real Homes CRM: from n/a through <= 1.0.0.
Explanation of Vulnerability in Simple Terms
Real Homes CRM versions up to 1.0.0 allow authenticated users to upload files without proper validation. An attacker with low-level access can upload malicious files—including executable code—that execute on the server. This grants full control over the site's data, files, and functionality. The vulnerability affects all confidentiality, integrity, and availability of the system.
What an attacker can do
Upload and execute malicious files on the server, gaining full control over the site.
Potential impact on your site
Complete compromise of the site: data theft, defacement, malware injection, and service disruption.
Conditions required to exploit
Attacker must have a low-privilege user account; no user interaction required.
Key dates
External resources
Related vulnerabilities