CVE-2024-7910 | CodeAstro Online Railway Reservation System 1.0 Profile Photo Update emp-profile-avatar.php unrestricted upload

Posted by Angelo Barbosa | Aug 17, 2024 | CVE

A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload.

This vulnerability is handled as CVE-2024-7910. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2024-7910 | CodeAstro Online Railway Reservation System 1.0 Profile Photo Update emp-profile-avatar.php unrestricted upload

Related Posts

CVE-2024-2072 | SourceCodester Flashcard Quiz App 1.0 update-flashcard.php question/answer cross site scripting

CVE-2023-47854 | Howard Ehrenberg Parallax Image Plugin up to 1.7.1 on WordPress cross site scripting

CVE-2024-24830 | OpenObserve up to 0.7.x Role-Based Access Control /api/{org_id}/users improper authorization (GHSA-hfxx-g56f-8h5v)

CVE-2023-6525 | ElementsKit Elementor Addons Plugin up to 3.0.3 on WordPress cross site scripting