CVE-2020-25763
CRITICALSeat Reservation System - Unrestricted File Upload
Title source: ruleDescription
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/159260/Seat-Reservation-System-1.0-Shell-Upload.html
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Sep/41
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/author/15149
Scores
CVSS v3
9.8
EPSS
0.1235
EPSS Percentile
93.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
seat_reservation_system_project/seat_reservation_system
1.0
Published
Sep 30, 2020
Tracked Since
Feb 18, 2026