CVE-2024-10410

A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

More information : https://github.com/K1nako0/tmp_vuln9/blob/main/README.md

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : HIGH
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : HIGH
Base score : 7.2
Base severity : HIGH
Exploitability score : 1.2
Impact score : 5.9