CVE-2026-3800
Unrestricted File Upload in Janobe Resort Reservation System
Publication date: 2026-03-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oretnom23 | resort_reservation_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3800 is an unrestricted file upload vulnerability found in the janobe Resort Reservation System version 1.0. It specifically affects the doInsert function in the controller.php file's add action. The vulnerability arises because the system improperly handles the image argument, allowing attackers to upload files without proper restrictions or validation.

This flaw enables remote attackers to upload arbitrary files, including potentially dangerous ones, which can lead to further exploitation such as remote code execution or system compromise. [1, 3, 4]
How can this vulnerability impact me?
This vulnerability can have serious impacts including unauthorized remote file uploads that may allow attackers to execute arbitrary code on the affected system.
Such exploitation can compromise the confidentiality, integrity, and availability of the system, potentially leading to data breaches, system downtime, or full system takeover.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unrestricted file upload through the 'image' argument in the doInsert function of the /controller.php?action=add endpoint in janobe Resort Reservation System 1.0.

Detection can focus on monitoring HTTP requests to the /controller.php?action=add endpoint for suspicious file upload attempts, especially those involving the 'image' parameter.

Commands to detect this vulnerability might include inspecting web server logs for POST requests to /controller.php?action=add with file upload data or using network monitoring tools to capture such traffic.

- Use grep or similar tools to search web server logs for POST requests to the vulnerable endpoint, e.g., `grep 'POST /controller.php?action=add' /var/log/apache2/access.log`.
- Use tools like tcpdump or Wireshark to capture HTTP traffic and filter for uploads to /controller.php?action=add.
- Check for unusual or unexpected file types being uploaded via the 'image' parameter. [1, 3, 4]
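The last check in the list above can be automated on the server. The following is an added example, not code from this page or from the affected product: it walks the directory where uploads from the 'image' field are stored and flags anything that is not a plausible image. The upload directory path, the image allow-list and the function names `inspect_file` and `scan` are assumptions made for the example.

```python
import os
import sys

# Assumed allow-list: extensions an 'image' field should produce, with the
# magic bytes each format starts with.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# The application is PHP, so these are extensions a web server may execute.
SCRIPT_EXTS = {"php", "phtml", "phar"}


def inspect_file(path):
    """Return the reasons a stored upload is suspicious (empty list: plausible image)."""
    parts = os.path.basename(path).lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    if ext not in IMAGE_MAGIC:
        reasons.append("extension not in image allow-list")
    elif not data.startswith(IMAGE_MAGIC[ext]):
        reasons.append("content does not match extension")
    # A name such as x.php.jpg can still reach the PHP handler under some configurations.
    if SCRIPT_EXTS.intersection(parts[1:-1]):
        reasons.append("script extension before final extension")
    # Catches code appended after a valid image header.
    if b"<?php" in data.lower():
        reasons.append("PHP open tag in content")
    return reasons


def scan(upload_dir):
    """Walk upload_dir and map each suspicious relative path to its reasons."""
    findings = {}
    for root, _dirs, files in os.walk(upload_dir):
        for name in files:
            full = os.path.join(root, name)
            reasons = inspect_file(full)
            if reasons:
                findings[os.path.relpath(full, upload_dir)] = reasons
    return findings


if __name__ == "__main__":
    # The upload directory is an assumption; pass the real one as the first argument.
    for rel, why in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(rel, "->", "; ".join(why))
```

Any file it reports that was created after a logged POST to /controller.php?action=add is worth correlating with that request's source address and timestamp.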
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been identified for this vulnerability.
It is suggested to replace the affected product with an alternative that does not have this unrestricted file upload vulnerability.
As an immediate step, restrict access to the vulnerable endpoint if possible, and monitor for suspicious upload activity.
Implement network-level protections such as web application firewalls (WAF) to block malicious file uploads targeting the /controller.php?action=add endpoint.