| Titolo | Bdtask Flight Booking Software B2C Portal v3,1 Unrestricted File Upload |
|---|
| Descrizione | The application's "Package Information" module in the B2C portal allows authenticated users to upload an image for a travel package. The file upload functionality fails to validate the file's extension or content type, permitting the upload of executable scripts (e.g., PHP web shells), which leads to Remote Code Execution. |
|---|
| Fonte | ⚠️ https://github.com/4m3rr0r/PoCVulDb/blob/main/README12.md |
|---|
| Utente | 4m3rr0r (UID 85795) |
|---|
| Sottomissione | 11/10/2025 15:47 (8 mesi fa) |
|---|
| Moderazione | 25/10/2025 18:21 (14 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 329893 [Bdtask Flight Booking Software fino a 3.1 Package Information /b2c/package-information escalationi di privilegi] |
|---|
| Punti | 18 |
|---|