An arbitrary file upload vulnerability in SourceCodester Travel Management System v1.0 allows attackers to execute arbitrary code by uploading a file to updatepackage.php.
https://github.com/BigTiger2020/Travel-Management-System/blob/main/Travel%20Management%20System.md