CVE-2024-32254
Severity
8.8HIGH
EPSS
0.3%
top 46.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 16
Description
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9