Primary

Context

SourceCodester Janobe Resort Reservation System Unrestricted File Upload Vulnerability

Vulnerability

A vulnerability allowing unrestricted file upload has been identified in SourceCodester Janobe Resort Reservation System version 1.0. The issue arises in the 'doInsert' function of 'controller.php' when the 'image' argument is manipulated, enabling remote exploitation. This vulnerability has been publicly disclosed and is actively exploitable.

Impact

Exploitation of this vulnerability allows for unrestricted file upload, which could lead to the execution of uploaded files if the server processes them as executable.

Reproduction

To reproduce this vulnerability, send a request to 'controller.php' with the 'action' parameter set to 'add'. Include a crafted 'image' argument that exploits the file upload functionality. The uploaded file will be saved in a directory accessible via the web, where it can be executed.

Added: Mar 9, 2026, 4:18 AM

Updated: Mar 9, 2026, 4:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

8.0

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

8.0

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SourceCodester Janobe Resort Reservation System Unrestricted File Upload Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating