CVE-2024-32256
Severity
8.1HIGH
EPSS
0.1%
top 66.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 16
Description
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2