Guanguanlaoshi

**Name of the Vulnerable Software and Affected Versions** Projectworlds Online Tours and Travels version 1.0 **Description** A security issue exists in Projectworlds Online Tours and Travels 1.0 related to unrestricted file upload. The issue is located in the `/admin/change-image.php` file, where manipulation of the `packageimage` argument allows for unrestricted uploads. This attack can be initiated remotely, and details about the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.