CVE-2024-2531

Name of the Vulnerable Software and Affected Versions MAGESH-K21 Online-College-Event-Hall-Reservation-System version 1.0

Description A critical vulnerability has been found in the system, affecting an unknown function of the file /admin/update-rooms.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For MAGESH-K21 Online-College-Event-Hall-Reservation-System version 1.0, consider disabling the update-rooms.php file in the /admin directory until a patch is available to prevent unrestricted upload. Restrict access to the /admin/update-rooms.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.