Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HProjectworlds Travel Management System
APPProjectworlds1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEAuth Bypass
Powiązane podatności
CVE-2024-51327CRITICAL9.8PL ✓ten sam produkt
SQL Injection w Travel Management System — ominięcie uwierzytelniania
CVE-2024-51326HIGH7.5ten sam produkt
SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execut...
CVE-2025-9925MEDIUM5.5ten sam produkt
A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown proce...
CVE-2025-9924MEDIUM5.5ten sam produkt
A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unkno...
CVE-2025-9926MEDIUM5.5ten sam produkt
A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function ...