LeakyCreds

CVE-2026-3800 - Vulnerability Analysis

Medium, CVSS: 6.3

Last Updated: March 9, 2026

SourceCodester janobe Resort Reservation System - Unrestricted File Upload

Published: March 9, 2026 | Updated: March 9, 2026 | PoC Available | Remote Exploitable

Overview

SourceCodester janobe Resort Reservation System 1.0 contains an unrestricted file upload vulnerability caused by improper validation of the "image" argument in /controller.php?action=add, which lets remote attackers upload arbitrary files. Exploitation requires no special privileges.

Severity & Score

Severity: Medium
CVSS Score: 6.3

Impact

Remote attackers can upload arbitrary files, potentially leading to remote code execution or server compromise.

Mitigation

Update to the latest version or apply patches that validate and restrict file uploads.
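
One way to implement the upload validation this mitigation calls for, as an added example (not the vendor's patch and not code from the application). The "image" field name comes from the advisory; the function names, the allowlist and the destination directory are assumptions.

```php
<?php
declare(strict_types=1);

// Allowlist maps detected content type to the extension the server assigns.
const ALLOWED_IMAGES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Returns the server-chosen extension if the file content is an allowed image, else null.
function image_extension_for(string $path): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_IMAGES)) {
        return null;
    }
    // getimagesize() must also be able to read image dimensions from the header.
    return @getimagesize($path) === false ? null : ALLOWED_IMAGES[$mime];
}

// Stores one $_FILES entry under a random name and returns that name.
// $destDir is an assumption: a directory outside the web root, or one where
// the web server is configured never to execute scripts.
function store_image_upload(array $file, string $destDir): string
{
    $tmp = (string)($file['tmp_name'] ?? '');
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed or is not an HTTP upload');
    }
    $ext = image_extension_for($tmp);
    if ($ext === null) {
        throw new RuntimeException('content is not an allowed image type');
    }
    // Client filename and Content-Type are ignored. Content checks can be satisfied by a
    // crafted file, so the fixed extension and non-executable location carry the protection.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store upload');
    }
    return $name;
}

if (PHP_SAPI === 'cli') {
    // Constructed samples: PHP source text, and a minimal 1x1 GIF header.
    $samples = ['script' => "<?php // constructed sample\n",
                'gif' => "GIF89a\x01\x00\x01\x00\x00\x00\x00;"];
    foreach ($samples as $label => $bytes) {
        $path = tempnam(sys_get_temp_dir(), 'up');
        file_put_contents($path, $bytes);
        echo $label, ' => ', var_export(image_extension_for($path), true), PHP_EOL;
        unlink($path);
    }
}
```

In the request handler this would be called as store_image_upload($_FILES['image'], $dir), assuming the "image" argument arrives as a multipart file field.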

Details

CVE ID: CVE-2026-3800
Severity: Medium
CVSS Score: 6.3
Type: unrestricted_file_upload
Status: confirmed

CWE

  • CWE-284
  • CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L