exploitDog

CVE-2024-32256

Опубликовано: 16 апр. 2024

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image.

Ссылки

https://github.com/jinhaochan/CVE-POC/blob/main/tms/POC.md
Broken Link
Exploit
Third Party Advisory
https://github.com/jinhaochan/CVE-POC/blob/main/tms/POC.md
Broken Link
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:tourism_management_system:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00167

Низкий

8.1 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-5g37-8p7x-w23g

CVSS3: 8.1

github

почти 2 года назад

Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image.

EPSS

Процентиль: 38%

0.00167

Низкий

8.1 High

CVSS3

Дефекты

CWE-434