PT-2021-16457 · Sourcecodester · Sourcecodester Travel Management System

Published

2021-07-23

Updated

2021-09-13

CVE-2021-25208

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SourceCodester Travel Management System version 1.0

Description: The issue allows attackers to execute arbitrary code via file upload to the "updatepackage.php" endpoint. This enables arbitrary file upload, potentially leading to code execution.

Recommendations: For SourceCodester Travel Management System version 1.0, consider disabling the file upload functionality to the "updatepackage.php" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-25208

Affected Products

Sourcecodester Travel Management System

PT-2021-16457 · Sourcecodester · Sourcecodester Travel Management System

CVE-2021-25208

Weakness Enumeration

Related Identifiers

Affected Products

References · 4