QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2939

Published: May 27, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

travelonexpress-multiple-file-upload(75542)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

http://iel-sayed.blogspot.com/2012/05/travelon-express-cms-v622-multiple-web.html

x_refsource_MISC

http://www.vulnerability-lab.com/get_content.php?id=530

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2012-2939 - Security Vulnerability | QwikSec