CVEブラウザに戻る

CVE-2020-24203

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1770%

EPSS Percentile16.05th

Published2020年8月27日

Last Modified2024年11月21日

Vulnerability Description

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.

Affected Platforms (CPE)

📦

Projectworlds

Travel Management System

= 1.0

References & Advisories

🔗 https://github.com/hyd3sec/TravelManagementSystemRCE

🔗 https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/

🔗 https://github.com/hyd3sec/TravelManagementSystemRCE

🔗 https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/

関連する脆弱性情報

CVE-2021-252139.8

SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL stat...

CVE-2021-252089.8

Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code vi...

CVE-2020-941110.0

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerabilit...

CVE-2020-941210.0

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerabilit...