CVE-2020-24203: Malicious File Upload
First published: Thu Aug 27 2020(Updated: )
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| projectworlds Travel management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2020-24203.
What is the severity rating for CVE-2020-24203?
The severity rating for CVE-2020-24203 is critical with a value of 9.8.
How does CVE-2020-24203 impact Projects World Travel Management System v1.0?
CVE-2020-24203 allows remote unauthenticated attackers to gain remote code execution in Projects World Travel Management System v1.0.
What is the CWE ID for CVE-2020-24203?
The CWE ID for CVE-2020-24203 is 425 and 434.
How can I fix the Insecure File Permissions and Arbitrary File Upload vulnerability in Projects World Travel Management System v1.0?
To fix the vulnerability, ensure that proper file permissions are set and validate user input before allowing file uploads.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/projectworlds
- canonical/projectworlds travel management system
- version/projectworlds travel management system/1.0