CVE-2024-10410

MEDIUM

Janobe Online Hotel Reservation System - Unrestricted File Upload

Title source: rule

Description

A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WRITEUP

by K1nakoo · poc

https://github.com/K1nakoo/CVE-2024-10410

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.281953

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?ctiid.281953

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.431502

[Exploit, Third Party Advisory] https://github.com/K1nako0/tmp_vuln9/blob/main/README.md

[Product] https://www.sourcecodester.com/

Scores

CVSS v3 6.3

EPSS 0.0395

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

janobe/online_hotel_reservation_system 1.0

Published Oct 27, 2024

Tracked Since Feb 18, 2026