Insecure File Permissions in Projects World Travel Management System by Projects World
CVE-2020-24203

9.8CRITICAL

Key Information:

Vendor: Projectworlds
Status: Travel Management System
Vendor: CVE Published:; 27 August 2020

🔔 Create Projectworlds Vulnerability Alert

What is CVE-2020-24203?

The Projects World Travel Management System v1.0 contains a vulnerability in the upload pic function located in updatesubcategory.php. This flaw allows remote unauthenticated attackers to exploit insecure file permissions, potentially leading to arbitrary file uploads and remote code execution. As a result, unauthorized users may access sensitive parts of the system or upload malicious files, posing significant risks to the application's integrity and security.

References

https://projectworlds.in/free-projects/php-projects/trave...

x_refsource_MISC

https://github.com/hyd3sec/TravelManagementSystemRCE

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2020
Vulnerability Reserved
Aug 13, 2020