| عنوان | BEST EMPLOYEE MANAGEMENT SYSTEMS 1 Remote Code Execution |
|---|
| الوصف | During the security assessment of "Best Employee Management System", I identified a critical arbitrary file upload vulnerability in the "admin\Operation\User.php" file. This issue arises from the lack of validation on the `$_FILES["website_image"]` input, allowing files to be uploaded without verifying their type or extension. This weakness enables attackers to upload malicious files, such as PHP web shells, which can be executed on the server. Exploitation of this vulnerability can result in remote code execution (RCE), unauthorized access to sensitive data, modification or deletion of application data, and full compromise of the affected system. Immediate remediation is required to enforce strict file type validation and secure file handling to protect system integrity and confidentiality. |
|---|
| المصدر | ⚠️ https://github.com/wanidnone-ops/CVE/issues/1 |
|---|
| المستخدم | fudugeek (UID 91138) |
|---|
| ارسال | 09/10/2025 12:52 PM (8 أشهر منذ) |
|---|
| الاعتدال | 10/10/2025 02:57 PM (1 day later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 284530 [SourceCodester Best Employee Management System 1.0 /admin/profile.php website_image تجاوز الصلاحيات] |
|---|
| النقاط | 0 |
|---|