CVE-2020-24203

CRITICAL

Projects World Travel Management System v1.0 - RCE

Title source: llm

Description

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.

References (2)

[Exploit, Third Party Advisory] https://projectworlds.in/free-projects/php-projects/travel-management-system-project-in-php-mysql/

[Exploit, Third Party Advisory] https://github.com/hyd3sec/TravelManagementSystemRCE

Scores

CVSS v3 9.8

EPSS 0.0569

EPSS Percentile 90.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434 CWE-425

Status published

Products (1)

projectworlds/travel_management_system 1.0

Published Aug 27, 2020

Tracked Since Feb 18, 2026