CVE-2024-6084

Name of the Vulnerable Software and Affected Versions: Bethesda Online Reservation System version 1.0

Description: A critical issue has been found in the Bethesda Online Reservation System, affecting the uploadImage function of the file /admin/mod room/controller.php?action=add. The manipulation of the image argument leads to unrestricted upload. This issue can be exploited remotely.

Recommendations: For version 1.0, as a temporary workaround, consider disabling the uploadImage function until a patch is available. Restrict access to the /admin/mod room/controller.php?action=add endpoint to minimize the risk of exploitation. Avoid using the image argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.