CVE-2020-28136

Опубликовано: 17 нояб. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.

Ссылки

https://phpgurukul.com/tourism-management-system-free-download/
Product
https://www.exploit-db.com/exploits/48892
Exploit
Third Party Advisory
VDB Entry
https://phpgurukul.com/tourism-management-system-free-download/
Product
https://www.exploit-db.com/exploits/48892
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:tourism_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02415

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-mfr8-h382-jvv4