CVE-2025-29017

Published Apr 10, 2025

Last updated 10 months ago

CVSS high 8.8

Overview

Description
A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php.
Source
cve@mitre.org
NVD status
Analyzed
Products
internet_banking_system

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-434

Social media

Hype score
Not currently trending

  1. #exploit 1⃣. CVE-2025-20281: Cisco ISE API Unauthenticated RCE - https://t.co/bpaj1sWXKa 2⃣. CVE-2025-29017: Internet Banking System 2.0 RCE via Profile Picture Upload - https://t.co/4SzolqXLza 3⃣. CVE-2025-22230, CVE-2025-22247: The Guest Who Could - Exploiting LPE in VMW

    @ksg93rd

    28 Jul 2025

    326 Impressions

    1 Retweet

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-29017 A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter wit… https://t.co/LJ31XM4iEY

    @CVEnew

    10 Apr 2025

    399 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php.CVE-2025-29015
  2. A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.CVE-2025-29018
  3. A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts.CVE-2024-56924
  4. A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability.CVE-2024-0781
  5. A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251677 was assigned to this vulnerability.CVE-2024-0773

References

Sources include official advisories and independent security research.