CVE-2012-2939

Name of the Vulnerable Software and Affected Versions Travelon Express version 6.2.2

Description The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using specific API endpoints, such as "airline-edit.php", "hotel-image-add.php", or "hotel-add.php".

Recommendations For Travelon Express version 6.2.2, consider restricting access to the airline-edit.php, hotel-image-add.php, and hotel-add.php endpoints to prevent exploitation until a fix is available. Additionally, restrict the upload of files with executable extensions to minimize the risk of arbitrary code execution.