CVE-2024-10413

A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is the function upload of the file /guest/update.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/K1nako0/tmp_vuln11/blob/main/README.md Broken Link
https://vuldb.com/?ctiid.281954 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.281954 Third Party Advisory VDB Entry
https://vuldb.com/?submit.431595 Third Party Advisory VDB Entry
https://www.sourcecodester.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:janobe:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*

History

29 Oct 2024, 20:33

Type Values Removed Values Added
CPE cpe:2.3:a:janobe:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 9.8
References () https://github.com/K1nako0/tmp_vuln11/blob/main/README.md - () https://github.com/K1nako0/tmp_vuln11/blob/main/README.md - Broken Link
References () https://vuldb.com/?ctiid.281954 - () https://vuldb.com/?ctiid.281954 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.281954 - () https://vuldb.com/?id.281954 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.431595 - () https://vuldb.com/?submit.431595 - Third Party Advisory, VDB Entry
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product
First Time Janobe online Hotel Reservation System
Janobe

28 Oct 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en SourceCodester Online Hotel Reservation System 1.0. Este problema afecta a la función de carga del archivo /guest/update.php. La manipulación del argumento image permite una carga sin restricciones. El ataque puede ejecutarse de forma remota. El exploit se ha hecho público y puede utilizarse.

27 Oct 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-27 10:15

Updated : 2024-10-29 20:33


NVD link : CVE-2024-10413

Mitre link : CVE-2024-10413

CVE.ORG link : CVE-2024-10413


JSON object : View

Products Affected

janobe

  • online_hotel_reservation_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type