CVE-2024-42767

Name of the Vulnerable Software and Affected Versions Kashipara Hotel Management System version 1.0

Description The issue concerns an Unrestricted File Upload vulnerability, allowing Remote Code Execution (RCE) through the /admin/add room controller.php endpoint. This means an attacker can upload malicious files to the system without proper restrictions, potentially leading to the execution of arbitrary code.

Recommendations For Kashipara Hotel Management System version 1.0, as a temporary workaround, consider disabling access to the /admin/add room controller.php endpoint until a patch is available. Restricting file uploads to only necessary and validated files can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.