CRITICAL🇵🇱 Wersja polska

CVE-2020-24203

CVSS 9.8v3.1pub. 2020-08-27upd. 2024-11-21

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Projectworlds Travel Management System

    APP
    Projectworlds
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth Bypass
CWE
References

Related vulnerabilities

CVE-2024-51327CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Travel Management System — ominięcie uwierzytelniania

CVE-2024-51326HIGH7.5ten sam produkt

SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execut...

CVE-2025-9925MEDIUM5.5ten sam produkt

A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown proce...

CVE-2025-9924MEDIUM5.5ten sam produkt

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unkno...

CVE-2025-9926MEDIUM5.5ten sam produkt

A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function ...