Vulnerability CVE-2020-24203


Published: 2020-08-27

Description:
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.

Type:
CWE-434 (Unrestricted Upload of File with Dangerous Type)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Projects world travel management system project -> Projects world travel management system

References:
https://github.com/hyd3sec/TravelManagementSystemRCE
https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/

Copyright 2024, cxsecurity.com

 
