{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6114","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-06-18T06:01:55.156Z","datePublished":"2024-06-18T13:00:05.407Z","dateUpdated":"2024-08-01T21:33:04.356Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-06-18T13:00:05.407Z"},"title":"itsourcecode Monbela Tourist Inn Online Reservation System controller.php unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"CWE-434 Unrestricted Upload"}]}],"affected":[{"vendor":"itsourcecode","product":"Monbela Tourist Inn Online Reservation System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268866 is the identifier assigned to this vulnerability."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in itsourcecode Monbela Tourist Inn Online Reservation System bis 1.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei controller.php. Durch Manipulation des Arguments image mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-06-18T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-06-18T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-06-18T09:02:05.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"wangyuan-ui (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.268866","name":"VDB-268866 | itsourcecode Monbela Tourist Inn Online Reservation System controller.php unrestricted upload","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.268866","name":"VDB-268866 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.358995","name":"Submit #358995 | itsourcecode Monbela Tourist In Online Reservation System Using PHP V1.0 Unrestricted Upload","tags":["third-party-advisory"]},{"url":"https://github.com/wangyuan-ui/CVE/issues/4","tags":["exploit","issue-tracking"]}]},"adp":[{"affected":[{"vendor":"itsourcecode","product":"monbela_tourist_inn_online_reservation_system","cpes":["cpe:2.3:a:itsourcecode:monbela_tourist_inn_online_reservation_system:1.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-01T21:21:36.222411Z","id":"CVE-2024-6114","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-03T15:47:58.070Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:33:04.356Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.268866","name":"VDB-268866 | itsourcecode Monbela Tourist Inn Online Reservation System controller.php unrestricted upload","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.268866","name":"VDB-268866 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://vuldb.com/?submit.358995","name":"Submit #358995 | itsourcecode Monbela Tourist In Online Reservation System Using PHP V1.0 Unrestricted Upload","tags":["third-party-advisory","x_transferred"]},{"url":"https://github.com/wangyuan-ui/CVE/issues/4","tags":["exploit","issue-tracking","x_transferred"]}]}]}}