CVE-2024-51208 — HIGH (7.2)

Vulnerability Description

File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Phpgurukul	Boat Booking System	1.0

Related Weaknesses (CWE)

CWE-434

References

https://gist.github.com/Esquirez/985db6c65219a3e5a6521e291524aaa0Third Party Advisory
https://phpgurukul.com/boat-booking-system-using-php-and-mysql/Product

FAQ

What is CVE-2024-51208?

CVE-2024-51208 is a vulnerability with a CVSS score of 7.2 (HIGH). File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.

How severe is CVE-2024-51208?

CVE-2024-51208 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-51208?

Check the references section above for vendor advisories and patch information. Affected products include: Phpgurukul Boat Booking System.