CVE-2020-28136

8.8HIGH

Key Information:

Vendor: PHPgurukul
Status: Tourism Management System
Vendor: CVE Published:; 17 November 2020

Summary

An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.

References

https://phpgurukul.com/tourism-management-system-free-dow...

x_refsource_MISC

https://www.exploit-db.com/exploits/48892

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2020
Vulnerability Reserved
Nov 2, 2020

Collectors

NVD DatabaseMitre Database