CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9816 – Codezips Tourist Management System change-image.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-9816
10 Oct 2024 — A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ppp-src/CVE/issues/13 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9815 – Codezips Tourist Management System create-package.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-9815
10 Oct 2024 — A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ppp-src/CVE/issues/12 • CWE-434: Unrestricted Upload of File with Dangerous Type •