Remote Code Execution (RCE) Vulnerability in Home Owners Collection Management System v1.0

Remote Code Execution (RCE) Vulnerability in Home Owners Collection Management System v1.0

CVE-2022-25115 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file.

Learn more about our User Device Pen Test.