PT-2024-38390 · Itsourcecode · Itsourcecode Airline Reservation System
Quad · Published 2024-08-06 · Updated 2024-09-11 · CVE-2024-7500
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
itsourcecode Airline Reservation System version 1.0
Description
A critical issue has been found in the itsourcecode Airline Reservation System, where the save settings function in the admin/admin class.php file is affected. The manipulation of the img argument leads to unrestricted upload. This issue can be exploited remotely.
Recommendations
For itsourcecode Airline Reservation System version 1.0, consider disabling the save settings function in the admin/admin class.php file until a patch is available to prevent unrestricted upload. Restrict access to the admin/admin class.php file to minimize the risk of exploitation. Avoid using the img argument in the affected function until the issue is resolved.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Itsourcecode Airline Reservation System