CVE-2026-42569
phpVMS · phpVMS
A critical vulnerability in phpVMS allows unauthenticated access to a legacy import feature, potentially exposing application data or functionality.
Executive summary
A critical vulnerability in phpVMS exposes a legacy import feature to unauthenticated access, risking unauthorized data exposure or system manipulation.
Vulnerability
This vulnerability allows unauthenticated access to a legacy import feature within phpVMS. By reaching this endpoint without authentication, an attacker may be able to manipulate data or bypass intended application logic.
Business impact
With a CVSS score of 9.4, this vulnerability is rated critical. Unauthorized access to administrative or import features can lead to corruption of airline simulation data, unauthorized modification of user accounts, or a foothold for further system exploitation.
Remediation
Immediate Action: Update phpVMS to version 7.0.6 or later to secure the legacy import feature.
Proactive Monitoring: Review access logs for any unauthenticated requests to import-related endpoints or unusual data changes within the application.
Compensating Controls: If upgrading is not immediately possible, disable the legacy import feature at the server or application level.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Legacy features are common attack vectors. Security teams should prioritize patching phpVMS to remove unauthenticated access to sensitive legacy functionality and prevent potential exploitation.