CVE-2024-10161

A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*

History

21 Oct 2024, 21:35

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 8.8
First Time Phpgurukul
Phpgurukul boat Booking System
CPE cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*
References () https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_change_image_file_upload_rce.md - () https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_change_image_file_upload_rce.md - Exploit, Third Party Advisory
References () https://phpgurukul.com/ - () https://phpgurukul.com/ - Product
References () https://vuldb.com/?ctiid.280947 - () https://vuldb.com/?ctiid.280947 - Permissions Required
References () https://vuldb.com/?id.280947 - () https://vuldb.com/?id.280947 - Third Party Advisory
References () https://vuldb.com/?submit.425440 - () https://vuldb.com/?submit.425440 - Third Party Advisory

21 Oct 2024, 17:09

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en PHPGurukul Boat Booking System 1.0. Afecta a una parte desconocida del archivo change-image.php del componente Update Boat Image Page. La manipulación del argumento image permite la carga sin restricciones. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.

20 Oct 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-20 01:15

Updated : 2024-10-21 21:35


NVD link : CVE-2024-10161

Mitre link : CVE-2024-10161

CVE.ORG link : CVE-2024-10161


JSON object : View

Products Affected

phpgurukul

  • boat_booking_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type