PT-2020-16932 · Sourcecodester · Sourcecodester Tourism Management System

Published: 2020-11-17 · Updated: 2023-11-14 · CVE-2020-28136

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SourceCodester Tourism Management System version 1.0

Description

An Arbitrary File Upload issue allows users to conduct remote code execution via the "admin/create-package.php" page. This enables attackers to upload malicious files, potentially leading to unauthorized access and control of the system.

Recommendations

For SourceCodester Tourism Management System version 1.0, consider restricting access to the "admin/create-package.php" page until a patch is available. As a temporary workaround, avoid using this page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2020-28136

Affected Products

Sourcecodester Tourism Management System