CVE-2024-10410

A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/K1nako0/tmp_vuln9/blob/main/README.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.281953 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.281953 Third Party Advisory VDB Entry
https://vuldb.com/?submit.431502 Third Party Advisory VDB Entry
https://www.sourcecodester.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:janobe:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*

History

29 Oct 2024, 20:41

Type Values Removed Values Added
CPE cpe:2.3:a:janobe:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 7.2
References () https://github.com/K1nako0/tmp_vuln9/blob/main/README.md - () https://github.com/K1nako0/tmp_vuln9/blob/main/README.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.281953 - () https://vuldb.com/?ctiid.281953 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.281953 - () https://vuldb.com/?id.281953 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.431502 - () https://vuldb.com/?submit.431502 - Third Party Advisory, VDB Entry
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product
First Time Janobe online Hotel Reservation System
Janobe

28 Oct 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en SourceCodester Online Hotel Reservation System 1.0. Esta vulnerabilidad afecta a la función de carga del archivo /admin/mod_room/controller.php?action=add. La manipulación del argumento image permite una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit se ha hecho público y puede utilizarse.

27 Oct 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-27 04:15

Updated : 2024-10-29 20:41


NVD link : CVE-2024-10410

Mitre link : CVE-2024-10410

CVE.ORG link : CVE-2024-10410


JSON object : View

Products Affected

janobe

  • online_hotel_reservation_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type