CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-39424

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.5%

CVSS Severity

CVSS v3 Score 9.9

References

https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained
https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained

Products affected by CVE-2023-39424

Resortdata » Internet Reservation Module Next Generation » Version: 5.3.2.15

cpe:2.3:a:resortdata:internet_reservation_module_next_generation:5.3.2.15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-39424

Products

Pricing

Contact Us