| Título | Bdtask Flight Booking Software B2C Portal v3,1 Unrestricted File Upload |
|---|
| Descrição | The application's "Package Information" module in the B2C portal allows authenticated users to upload an image for a travel package. The file upload functionality fails to validate the file's extension or content type, permitting the upload of executable scripts (e.g., PHP web shells), which leads to Remote Code Execution. |
|---|
| Fonte | ⚠️ https://github.com/4m3rr0r/PoCVulDb/blob/main/README12.md |
|---|
| Utilizador | 4m3rr0r (UID 85795) |
|---|
| Submissão | 11/10/2025 15h47 (há 9 meses) |
|---|
| Moderação | 25/10/2025 18h21 (14 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 329893 [Bdtask Flight Booking Software até 3.1 Package Information /b2c/package-information Elevação de Privilégios] |
|---|
| Pontos | 18 |
|---|