PT-2024-24473 · Unknown · Phpgurukul Tourism Management System

Published 2024-04-16 · Updated 2026-02-06 · CVE-2024-32256

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Phpgurukul Tourism Management System version 2.0

Description

The issue allows Unrestricted Upload of File with Dangerous Type via the "/tms/admin/change-image.php" API endpoint. When the image of an existing package is updated, the type of the uploaded file is not checked.

Recommendations

For Phpgurukul Tourism Management System version 2.0, consider disabling the image upload functionality in the "/tms/admin/change-image.php" endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of uploading malicious files.
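
A server-side file type check of the kind the description says is missing, as an added example (not Phpgurukul code and not a patch for this CVE). The function name `store_package_image()`, the form field name, the upload directory, the size limit and the list of allowed types are all assumptions.

```php
<?php
// Added example: allowlist validation for an image upload handler.
// store_package_image() and all paths are hypothetical, not from the TMS code base.

function store_package_image(array $file, string $uploadDir): string
{
    // Content-detected MIME type => extension the server assigns (assumed allowlist).
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $maxBytes = 2 * 1024 * 1024; // assumed size limit

    // Reject failed uploads and paths that did not arrive as an HTTP POST upload.
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('Upload failed');
    }
    $size = filesize($tmp);
    if ($size === false || $size <= 0 || $size > $maxBytes) {
        throw new RuntimeException('File size out of range');
    }

    // Detect the type from the file content. $file['type'] and $file['name']
    // are client-supplied and are never used for the decision.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // The file must also parse as an image.
    if (@getimagesize($tmp) === false) {
        throw new RuntimeException('Not a valid image');
    }

    // Server-generated name with an allowlisted extension, so the original
    // file name and extension never reach the file system.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($tmp, rtrim($uploadDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name; // store this name in the database, not the client's name
}

// Usage in a handler (field name and directory are assumptions):
// $stored = store_package_image($_FILES['image'], '/var/www/uploads/packages');
```

Serving the upload directory with script execution disabled adds a second layer if a check is bypassed.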

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2024-32256

Affected Products

Phpgurukul Tourism Management System