CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-25208

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0050%
EPSS Percentile1.60th
Published2021年7月23日
Last Modified2024年11月21日

Vulnerability Description

Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.

Affected Platforms (CPE)

📦
Travel Management System Project

Travel Management System

= 1.0

References & Advisories

🔗 https://github.com/BigTiger2020/Travel-Management-System/blob/main/Travel%20Management%20System.md
🔗 https://github.com/BigTiger2020/Travel-Management-System/blob/main/Travel%20Management%20System.md

関連する脆弱性情報

CVE-2020-242039.8

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel M...

CVE-2021-252139.8

SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL stat...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...

CVE-2021-138810.0

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could a...