CVE-2024-6114

A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268866 is the identifier assigned to this vulnerability.
References
Link Resource
https://github.com/wangyuan-ui/CVE/issues/4 Exploit Third Party Advisory
https://vuldb.com/?ctiid.268866 Permissions Required Third Party Advisory
https://vuldb.com/?id.268866 Third Party Advisory
https://vuldb.com/?submit.358995 Third Party Advisory
https://github.com/wangyuan-ui/CVE/issues/4 Exploit Third Party Advisory
https://vuldb.com/?ctiid.268866 Permissions Required Third Party Advisory
https://vuldb.com/?id.268866 Third Party Advisory
https://vuldb.com/?submit.358995 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:janobe:monbela_tourist_inn_online_reservation_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 09:48

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 7.3
References () https://github.com/wangyuan-ui/CVE/issues/4 - Exploit, Third Party Advisory () https://github.com/wangyuan-ui/CVE/issues/4 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.268866 - Permissions Required, Third Party Advisory () https://vuldb.com/?ctiid.268866 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.268866 - Third Party Advisory () https://vuldb.com/?id.268866 - Third Party Advisory
References () https://vuldb.com/?submit.358995 - Third Party Advisory () https://vuldb.com/?submit.358995 - Third Party Advisory

23 Aug 2024, 16:38

Type Values Removed Values Added
CPE cpe:2.3:a:janobe:monbela_tourist_inn_online_reservation_system:1.0:*:*:*:*:*:*:*
First Time Janobe
Janobe monbela Tourist Inn Online Reservation System
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8
References () https://github.com/wangyuan-ui/CVE/issues/4 - () https://github.com/wangyuan-ui/CVE/issues/4 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.268866 - () https://vuldb.com/?ctiid.268866 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.268866 - () https://vuldb.com/?id.268866 - Third Party Advisory
References () https://vuldb.com/?submit.358995 - () https://vuldb.com/?submit.358995 - Third Party Advisory

20 Jun 2024, 12:44

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad ha sido encontrada en itsourcecode Monbela Tourist Inn Online Reservation System y clasificada como crítica. Una función desconocida del archivo controller.php es afectada por esta vulnerabilidad. La manipulación de la imagen del argumento conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-268866 es el identificador asignado a esta vulnerabilidad.

18 Jun 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-18 13:15

Updated : 2024-11-21 09:48


NVD link : CVE-2024-6114

Mitre link : CVE-2024-6114

CVE.ORG link : CVE-2024-6114


JSON object : View

Products Affected

janobe

  • monbela_tourist_inn_online_reservation_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type