CVE-2024-51208:

7.2 CVSS

Description

File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.

Classification

CVE ID: CVE-2024-51208

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 21.56% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://phpgurukul.com/boat-booking-system-using-php-and-mysql/
https://gist.github.com/Esquirez/985db6c65219a3e5a6521e291524aaa0

Timeline

2024-11-27 14:42:02 UTC
CVE