File Upload Vulnerability in Boat Booking System by Anuj Kumar
CVE-2024-51208
7.2HIGH
Summary
The Boat Booking System developed by Anuj Kumar contains a security flaw within its image upload functionality. This vulnerability enables local attackers to upload arbitrary PHP scripts, potentially compromising the integrity of the server and executing unauthorized code. This could lead to serious security breaches, allowing attackers to manipulate or access sensitive information within the system. The vulnerability is particularly concerning as it does not impose sufficient validation checks on uploaded files, specifically the capabilities of the image upload mechanism, which can be exploited if not properly secured.
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Collectors
NVD Database