CyberSec.Space Logo
Back to CVE Browser

CVE-2020-24203

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1770%
EPSS Percentile16.05th
PublishedAug 27, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.

Affected Platforms (CPE)

πŸ“¦
Projectworlds

Travel Management System

= 1.0

References & Advisories

πŸ”— https://github.com/hyd3sec/TravelManagementSystemRCE
πŸ”— https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/
πŸ”— https://github.com/hyd3sec/TravelManagementSystemRCE
πŸ”— https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/

Related Vulnerabilities

CVE-2021-252139.8

SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL stat...

CVE-2021-252089.8

Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code vi...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...