Vulnerabilities > CVE-2012-2939 - Remote vulnerability in Itechscripts Travelon Express 6.2.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Travelon Express CMS 6.2.2 - Multiple Vulnerabilities. CVE-2012-2938,CVE-2012-2939,CVE-2012-4281. Webapps exploit for php platform |
| file | exploits/php/webapps/18871.txt |
| id | EDB-ID:18871 |
| last seen | 2016-02-02 |
| modified | 2012-05-13 |
| platform | php |
| port | |
| published | 2012-05-13 |
| reporter | Vulnerability-Lab |
| source | https://www.exploit-db.com/download/18871/ |
| title | Travelon Express CMS 6.2.2 - Multiple Vulnerabilities |
| type | webapps |
References
- http://iel-sayed.blogspot.com/2012/05/travelon-express-cms-v622-multiple-web.html
- http://www.exploit-db.com/exploits/18871
- http://www.osvdb.org/81889
- http://www.securityfocus.com/bid/53500
- http://www.vulnerability-lab.com/get_content.php?id=530
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75542