PT-2020-15656 · Projectworlds · Projects World Travel Management System

Published: 2020-08-27 · Updated: 2022-07-12 · CVE-2020-24203

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Projects World Travel Management System version 1.0

Description: The issue concerns Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php, allowing remote unauthenticated attackers to gain remote code execution.

Recommendations: For Projects World Travel Management System version 1.0, consider restricting access to the updatesubcategory.php file and the upload pic function until a patch is available. As a temporary workaround, limit file uploads to authenticated users who need them, to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2020-24203

Affected Products

Projects World Travel Management System