CVE-2024-6084 | itsourcecode Pool of Bethesda Online Reservation System up to 1.0 controller.php uploadImage image unrestricted upload

Posted by Angelo Barbosa | Jun 17, 2024 | CVE

A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. Affected by this vulnerability is the function uploadImage of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload.

This vulnerability is known as CVE-2024-6084. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-6084 | itsourcecode Pool of Bethesda Online Reservation System up to 1.0 controller.php uploadImage image unrestricted upload

Related Posts

CVE-2023-48880 | EyouCMS 1.6.4-UTF8-SP1 login.php Menu Name cross site scripting (Issue 52)

CVE-2024-32020 | Git permissions (GHSA-5rfh-556j-fhgj)

CVE-2024-1426 | bdthemes Element Pack Elementor Addons Plugin up to 5.6.0 on WordPress Price List Widget link cross site scripting

CVE-2024-36444 | Swissphone DiCal-RED 2.cgi Log cgi-bin/fdmcgiwebv2.cgi information disclosure (SYSS-2024-040)