CVE-2025-9848
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| scriptandtools | real_estate_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-698 | The web application sends a redirect to another location, but instead of exiting, it executes additional code. |
| CWE-705 | The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Broken Access Control issue in the ScriptAndTools Real Estate Management System version 1.0, specifically in the file /admin/userlist.php. It occurs because the application performs a redirect but continues executing code afterward instead of stopping properly (missing die() or exit() after header() redirect). Attackers can exploit this by bypassing authentication and directly accessing the admin user list page, leading to unauthorized access to sensitive user information. The vulnerability is classified under CWE-284 and CWE-698 and can be exploited remotely without authentication. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive user information by allowing attackers to bypass authentication controls. It compromises the confidentiality, integrity, and availability of the system. Attackers can remotely exploit this flaw without any authentication, potentially leading to security breaches and further exploitation of other vulnerabilities within the system. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can cause compliance violations because it allows unauthorized access to sensitive user information, which may include personal data protected under regulations like GDPR and HIPAA. Unauthorized disclosure of such data can lead to breaches of privacy laws and regulatory requirements, resulting in legal and financial consequences for the affected organization. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the URL /admin/userlist.php is accessible without authentication, especially by using tools or browser extensions that disable automatic redirects. One detection method is to attempt accessing the URL directly and observe if sensitive user information is disclosed. Additionally, attackers can locate vulnerable targets using Google dorking with the query: inurl:admin/userlist.php. Commands to test this could include using curl or wget to access the URL, for example: curl -I http://<target-ip>:<port>/admin/userlist.php or using a browser with redirect disabled to access the URL and check for unauthorized access. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying proper access control by ensuring that after any header() redirect in /admin/userlist.php, the script terminates execution using die() or exit() statements to prevent further code execution. Since no known mitigations or countermeasures have been identified, it is also recommended to restrict access to the /admin/userlist.php URL via network controls or authentication mechanisms. Ultimately, replacing the affected component with an alternative product is suggested to fully address the vulnerability. [1, 2]