Unrestricted File Upload Vulnerabilities in Travelon Express by Travelon
CVE-2012-2939

Currently unrated

Key Information:

Vendor: Itechscripts
Status: Travelon Express
Vendor: CVE Published:; 27 May 2012

🔔 Create Itechscripts Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2012-2939?

Travelon Express version 6.2.2 contains multiple vulnerabilities allowing authenticated users to exploit unrestricted file uploads. By utilizing scripts such as airline-edit.php, hotel-image-add.php, or hotel-add.php, attackers can upload files with executable extensions. This could lead to remote code execution, compromising the server and potentially other connected systems. It is important for users of Travelon Express to evaluate their installations and apply necessary mitigations against these vulnerabilities.

References

http://www.securityfocus.com/bid/53500

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/75542

vdb-entryx_refsource_XF

http://www.osvdb.org/81889

vdb-entryx_refsource_OSVDB

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 27, 2012
👾
Exploit known to exist
May 27, 2012
Vulnerability published
May 27, 2012
Vulnerability Reserved
May 27, 2012

CVE-2012-2939 Data

JSON