Unrestricted File Upload Vulnerabilities in Travelon Express by Travelon
CVE-2012-2939

Currently unrated

Key Information:

Vendor

Itechscripts

Status
Travelon Express
Vendor
CVE Published:
27 May 2012

What is CVE-2012-2939?

Travelon Express version 6.2.2 contains multiple vulnerabilities allowing authenticated users to exploit unrestricted file uploads. By utilizing scripts such as airline-edit.php, hotel-image-add.php, or hotel-add.php, attackers can upload files with executable extensions. This could lead to remote code execution, compromising the server and potentially other connected systems. It is important for users of Travelon Express to evaluate their installations and apply necessary mitigations against these vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/53500
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/75542
vdb-entryx_refsource_XF
http://www.osvdb.org/81889
vdb-entryx_refsource_OSVDB

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.