CVE-2024-6110
itsourcecode Magbanua Beach Resort Online Reservation System controller.php unrestricted upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was found in itsourcecode Magbanua Beach Resort Online Reservation System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268856.
Se encontró una vulnerabilidad en itsourcecode Magbanua Beach Resort Online Reservation System hasta 1.0. Ha sido calificada como crítica. Una función desconocida del archivo controller.php es afectada por esta vulnerabilidad. La manipulación de la imagen del argumento conduce a una carga sin restricciones. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-268856.
Eine kritische Schwachstelle wurde in itsourcecode Magbanua Beach Resort Online Reservation System bis 1.0 ausgemacht. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei controller.php. Mittels dem Manipulieren des Arguments image mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-06-18 CVE Reserved
- 2024-06-18 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- 2024-08-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.268856 | Technical Description | |
| https://vuldb.com/?submit.358592 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/Laster-dev/CVE/issues/1 | 2024-08-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Itsourcecode Search vendor "Itsourcecode" | Magbanua Beach Resort Online Reservation System Search vendor "Itsourcecode" for product "Magbanua Beach Resort Online Reservation System" | 1.0 Search vendor "Itsourcecode" for product "Magbanua Beach Resort Online Reservation System" and version "1.0" | en |
Affected
| ||||||