CVE-2020-25763
published 2020-09-30

Priority: P270, critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploit: available
EPSS: 4.98% (91.1st percentile)
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.

Affected (1 range)

Vendor: seat_reservation_system_project
Product: seat_reservation_system
Version range: not listed
Fixed in: not listed

Detection & IOCs (extracted from sources)

URL: admin/ajax.php?action=save_movie
Filename: <random16chars>.php
Other (MIME type): application/php
Command: ?d3crypt=whoami
  • Monitor POST requests to 'admin/ajax.php?action=save_movie' containing a file upload with Content-Type 'application/php'; this is the unauthenticated file upload endpoint abused for RCE.
  • Detect PHP webshell execution via the '?d3crypt=' query parameter in GET requests to uploaded files under the application's image/media directory.
  • Alert on PHP files uploaded to the web root's image/cover directory: the exploit uploads a randomly named .php file disguised as a movie cover image.
  • No authentication is required to reach the upload endpoint; flag any unauthenticated POST to save_movie that includes a file with a .php extension or application/php MIME type.
  • The exploit was tested specifically on Windows 10 + XAMPP 7.2.33-1; behavior on Linux-based stacks may differ slightly, but the upload endpoint and webshell query parameter remain the same.
  • The webshell filename is 16 random alphanumeric characters followed by '.php', making static filename-based blocking ineffective; detection must focus on the upload path and MIME type instead.
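As an added example (not part of the advisory or of the Seat Reservation System project), the detection rules above applied to request records: it flags the PHP upload to save_movie, the unauthenticated case, and the '?d3crypt=' call against a 16-character .php file in the cover directory. The request record shape and the cover directory path `/assets/img/covers/` are assumptions; the sample traffic is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Indicators from the Detection & IOCs section above.
UPLOAD_PATH, UPLOAD_ACTION = "/admin/ajax.php", "save_movie"
PHP_MIME, WEBSHELL_PARAM = "application/php", "d3crypt"
WEBSHELL_NAME = re.compile(r"^[A-Za-z0-9]{16}\.php$")
COVER_DIR = "/assets/img/covers/"  # assumed name; the page only says "image/cover directory"

@dataclass
class Request:
    method: str
    url: str                           # path plus query string as the web server saw it
    authenticated: bool = False        # whether a valid admin session accompanied it
    upload_name: Optional[str] = None  # filename of the multipart upload part, if any
    upload_mime: Optional[str] = None  # Content-Type header of that part

def classify(req: Request) -> List[str]:
    """Return the names of the detection rules this request trips (empty if none)."""
    parts = urlsplit(req.url)
    query = parse_qs(parts.query)
    hits: List[str] = []
    if (req.method == "POST" and parts.path.endswith(UPLOAD_PATH)
            and UPLOAD_ACTION in query.get("action", []) and req.upload_name):
        php_like = req.upload_mime == PHP_MIME or req.upload_name.lower().endswith(".php")
        if php_like:
            hits.append("php_upload_to_save_movie")
            if not req.authenticated:  # the endpoint needs no session, so this is the real signal
                hits.append("unauthenticated_php_upload")
    if parts.path.startswith(COVER_DIR):
        name = parts.path.rsplit("/", 1)[-1]
        if name.lower().endswith(".php"):
            hits.append("php_file_in_cover_dir")
        if req.method == "GET" and WEBSHELL_PARAM in query:
            hits.append("d3crypt_webshell_command")
            if WEBSHELL_NAME.match(name):  # random 16-char name, so match the shape, not a string
                hits.append("random16_webshell_execution")
    return hits

# Constructed sample traffic (not real logs): benign cover upload, PHP upload, webshell call, image fetch.
SAMPLE = [
    Request("POST", "/admin/ajax.php?action=save_movie", True, "cover.jpg", "image/jpeg"),
    Request("POST", "/admin/ajax.php?action=save_movie", False, "aB3dE5fG7hI9jK1m.php", "application/php"),
    Request("GET", "/assets/img/covers/aB3dE5fG7hI9jK1m.php?d3crypt=whoami"),
    Request("GET", "/assets/img/covers/cover.jpg"),
]
```

Running `classify` over each entry of SAMPLE flags only the second and third records; in production the records would be built from web-server or WAF logs that retain the multipart part's filename and Content-Type.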

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P