File Upload Vulnerability in Boat Booking System by Anuj Kumar
CVE-2024-51208

7.2HIGH

Key Information:

Vendor: PHPgurukul
Status: Boat Booking System
Vendor: CVE Published:; 20 November 2024

What is CVE-2024-51208?

The Boat Booking System developed by Anuj Kumar contains a security flaw within its image upload functionality. This vulnerability enables local attackers to upload arbitrary PHP scripts, potentially compromising the integrity of the server and executing unauthorized code. This could lead to serious security breaches, allowing attackers to manipulate or access sensitive information within the system. The vulnerability is particularly concerning as it does not impose sufficient validation checks on uploaded files, specifically the capabilities of the image upload mechanism, which can be exploited if not properly secured.

References

https://phpgurukul.com/boat-booking-system-using-php-and-...

https://gist.github.com/Esquirez/985db6c65219a3e5a6521e29...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2024

PHPgurukul

What is CVE-2024-51208?

References

CVSS V3.1

Timeline