Real Estate Property Management System, SQL Injection Vulnerability CVE-2025-1374 (Critical)

2025-02-24

A critical vulnerability, identified as CVE-2025-1374, has been discovered in the Real Estate Property Management System version 1.0 by code-projects. The vulnerability resides in the /search.php file, specifically affecting the parameters StateName, CityName, AreaName, and CatId. Exploitation of this flaw allows for SQL injection attacks, which can be executed remotely. The vulnerability has been publicly disclosed, and exploits may already be in use.
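Because the flaw is reachable remotely and exploits may already be in use, a practical first step is to check web server logs for probing of the four parameters. The following is an added example, not code from the project or from the advisory: it flags requests to /search.php whose StateName, CityName, AreaName or CatId values contain SQL syntax. It assumes the parameters arrive in the query string, that CatId is a numeric ID, and that logs use the combined access log format; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names as injectable in /search.php.
WATCHED = ("StateName", "CityName", "AreaName", "CatId")
# Heuristic: SQL quoting, statement/comment syntax or keywords inside a value
# that should be a plain place name. Expect some false positives (e.g. O'Fallon).
SQL_MARKERS = re.compile(
    r"['\"`;]|--|/\*|\b(?:union|select|sleep|benchmark|information_schema)\b", re.I)
# Assumed log layout: Apache/nginx combined format.
REQUEST = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def suspicious_params(target):
    """Return {param: decoded value} for watched parameters that look like SQL."""
    url = urlsplit(target)
    if not url.path.lower().endswith("/search.php"):
        return {}
    hits = {}
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name not in WATCHED:
            continue
        for value in values:
            # Assumption: CatId is a numeric category id, so anything else is odd.
            bad_id = name == "CatId" and value != "" and not value.isdigit()
            if bad_id or SQL_MARKERS.search(value):
                hits[name] = value
    return hits

def scan(lines):
    """Return (line number, client IP, HTTP status, hits) for each flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.match(line)
        hits = suspicious_params(match["target"]) if match else {}
        if hits:
            findings.append((number, match["ip"], int(match["status"]), hits))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2025:10:00:01 +0000] "GET /search.php?StateName=Texas&CityName=Austin&AreaName=Downtown&CatId=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Feb/2025:10:00:05 +0000] "GET /search.php?StateName=Texas%27%20OR%20%271%27%3D%271&CatId=3 HTTP/1.1" 200 48211',
    '198.51.100.7 - - [24/Feb/2025:10:00:09 +0000] "GET /search.php?CityName=Austin&CatId=3%20UNION%20SELECT%20NULL HTTP/1.1" 500 312',
    '203.0.113.4 - - [24/Feb/2025:10:01:00 +0000] "GET /index.php?q=select+a+city HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

If the search form submits these parameters in a POST body instead, the same check applies to whatever source records request bodies, since access logs will not contain them.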

The Common Vulnerability Scoring System (CVSS) version 4.0 rates this vulnerability as MEDIUM with a score of 5.3. The vector string is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N, indicating that the attack can be conducted over the network with low attack complexity and requires low privileges. No user interaction is needed, and the impact is limited to the vulnerable component.

The National Vulnerability Database (NVD) published this vulnerability on February 16, 2025, with the last modification made on February 24, 2025. The source of this information is VulDB. The vulnerability is associated with publicly available advisories, solutions, and tools, though NIST does not endorse any specific commercial products or external sites.

Form:

Platform: Real Estate Property Management System
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 02/16/2025

What Undercode Say:

  1. The vulnerability CVE-2025-1374 is critical and affects the Real Estate Property Management System.
  2. The flaw allows remote SQL injection via /search.php parameters.
  3. Exploits are publicly available and may already be in use.
  4. The CVSS 4.0 score is 5.3, rated as MEDIUM.
  5. The attack vector is network-based with low complexity.
  6. No user interaction is required for exploitation.
  7. The vulnerability impacts the confidentiality, integrity, and availability of the system.
  8. The NVD published the vulnerability on February 16, 2025.
  9. The last modification date for the vulnerability is February 24, 2025.
  10. The source of the vulnerability information is VulDB.
  11. The vulnerability is associated with publicly disclosed advisories and tools.
  12. NIST does not endorse any specific commercial products or external sites.
  13. The vulnerability affects the parameters StateName, CityName, AreaName, and CatId.
  14. The vulnerability is classified as critical due to its potential impact.
  15. The exploit requires low privileges to execute.
  16. The vulnerability is part of the NVD enrichment efforts.
  17. The CVSS vector string is provided for detailed analysis.
  18. The vulnerability is linked to known affected software configurations.
  19. The CVE dictionary entry is CVE-2025-1374.
  20. The vulnerability is part of the
  21. The vulnerability is associated with weakness enumeration.
  22. The vulnerability is part of the CPE 2.2 configuration.
  23. The vulnerability is denoted as vulnerable software.


References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-1374
Undercode AI: https://ai.undercodetesting.com
