Unrestricted Upload Vulnerability in itsourcecode Simple Online Hotel Reservation System
CVE-2024-6115
Key Information:
- Vendor
Itsourcecode
- Vendor
- CVE Published:
- 18 June 2024
Badges
What is CVE-2024-6115?
A significant security flaw has been identified in the itsourcecode Simple Online Hotel Reservation System, specifically within the add_room.php functionality. This vulnerability allows attackers to exploit an unrestricted file upload capability, which can be triggered remotely. By manipulating the photo parameter, unauthorized users can upload malicious files to the server, potentially leading to further attacks, including system compromise. The existence of this exploit in the public domain raises serious concerns about the security posture of implementations running version 1.0 of this software. Immediate actions should be taken to address this vulnerability and protect sensitive data.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Simple Online Hotel Reservation System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved