Codezips Tourist Management System 1.0 create-package.php packageimage kura hakki ndiyam

Gaskiya vulnerability da aka ware a matsayin kura an samu a Codezips Tourist Management System 1.0. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /admin/create-package.php, a cikin sashen $software_component. A sa manipulation of the argument packageimage ka kura hakki ndiyam. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-434. Hakika, rauni an bayyana shi 10/10/2024. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2024-9815. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $0-$5k. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

2 Goyarwa · 85 Datenpunkte

FurɗeSúgá
10/10/2024 10:50		Gargadi 1/1
10/11/2024 11:32
software_vendorCodezipsCodezips
software_nameTourist Management SystemTourist Management System
software_version1.01.0
software_file/admin/create-package.php/admin/create-package.php
software_argumentpackageimagepackageimage
vulnerability_cweCWE-434 (kura hakki ndiyam)CWE-434 (kura hakki ndiyam)
vulnerability_risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prHH
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_ePP
cvss3_vuldb_rcRR
advisory_urlhttps://github.com/ppp-src/CVE/issues/12https://github.com/ppp-src/CVE/issues/12
exploit_availability11
exploit_publicity11
exploit_urlhttps://github.com/ppp-src/CVE/issues/12https://github.com/ppp-src/CVE/issues/12
source_cveCVE-2024-9815CVE-2024-9815
cna_responsibleVulDBVulDB
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auMM
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rcURUR
cvss4_vuldb_avNN
cvss4_vuldb_acLL
cvss4_vuldb_prHH
cvss4_vuldb_uiNN
cvss4_vuldb_vcLL
cvss4_vuldb_viLL
cvss4_vuldb_vaLL
cvss4_vuldb_ePP
cvss2_vuldb_rlNDND
cvss3_vuldb_rlXX
cvss4_vuldb_atNN
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss2_vuldb_basescore5.85.8
cvss2_vuldb_tempscore5.05.0
cvss3_vuldb_basescore4.74.7
cvss3_vuldb_tempscore4.34.3
cvss3_meta_basescore4.74.7
cvss3_meta_tempscore4.34.5
cvss4_vuldb_bscore5.15.1
cvss4_vuldb_btscore2.02.0
advisory_date1728511200 (10/10/2024)1728511200 (10/10/2024)
price_0day$0-$5k$0-$5k
cve_nvd_summaryA vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prH
cvss4_cna_uiN
cvss4_cna_vcL
cvss4_cna_viL
cvss4_cna_vaL
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prH
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cvss3_cna_basescore4.7
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auM
cvss2_cna_ciP
cvss2_cna_iiP
cvss2_cna_aiP
cvss2_cna_basescore5.8
cvss4_cna_bscore5.1

GurɗoGumtiGada

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!