CVE-2023-39424

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:resortdata:internet_reservation_module_next_generation:5.3.2.15:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-09-07 13:15

Updated : 2023-09-12 00:09

NVD link : CVE-2023-39424

Mitre link : CVE-2023-39424

CVE.ORG link : CVE-2023-39424

JSON object : View

Products Affected

resortdata

internet_reservation_module_next_generation

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2023-39424", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve-requests@bitdefender.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2023-09-07T13:15:08.933", "references": [{"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained", "tags": ["Third Party Advisory"], "source": "cve-requests@bitdefender.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "cve-requests@bitdefender.com", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in\u00a0RDPngFileUpload.dll, as used in the\u00a0IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials.\u00a0"}, {"lang": "es", "value": "Una vulnerabilidad en RDPngFileUpload.dll, como se usa en el sistema de reservas IRM Next Generation, permite a un atacante remoto cargar contenido arbitrario (como un componente de web shel) en la base de datos SQL y ejecutarlo con privilegios SYSTEM. Esta vulnerabilidad requiere que se aproveche la autenticaci\u00f3n, pero puede combinarse con otra vulnerabilidad en la plataforma (CVE-2023-39420, que otorga acceso a credenciales codificadas) para llevar a cabo el ataque sin tener credenciales asignadas. \n"}], "lastModified": "2023-09-12T00:09:32.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:resortdata:internet_reservation_module_next_generation:5.3.2.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9D4E8D4-6E26-4EEE-BFB6-FA4BB522808C"}], "operator": "OR"}]}], "sourceIdentifier": "cve-requests@bitdefender.com"}