exploitDog

CVE-2020-24203

Опубликовано: 27 авг. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.

Ссылки

https://github.com/hyd3sec/TravelManagementSystemRCE
Exploit
Third Party Advisory
https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/
Exploit
Third Party Advisory
https://github.com/hyd3sec/TravelManagementSystemRCE
Exploit
Third Party Advisory
https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:projectworlds:travel_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05688

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-425

Связанные уязвимости

GHSA-mwjj-8f4v-rq25

CVSS3: 9.8

github

больше 3 лет назад

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.

EPSS

Процентиль: 90%

0.05688

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-425