Vulnerability Details CVE-2020-24203
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.057
EPSS Ranking 89.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/hyd3sec/TravelManagementSystemRCE
- https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/
- https://github.com/hyd3sec/TravelManagementSystemRCE
- https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/
Products affected by CVE-2020-24203
-
cpe:2.3:a:projectworlds:travel_management_system:1.0