返回 CVE 浏览器

CVE-2020-24203

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1770%

EPSS Percentile16.05th

Published2020年8月27日

Last Modified2024年11月21日

Vulnerability Description

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.

Affected Platforms (CPE)

📦

Projectworlds

Travel Management System

= 1.0

References & Advisories

🔗 https://github.com/hyd3sec/TravelManagementSystemRCE

🔗 https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/

🔗 https://github.com/hyd3sec/TravelManagementSystemRCE

🔗 https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/

相关漏洞威胁

CVE-2021-252139.8

SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL stat...

CVE-2021-252089.8

Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code vi...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...