| タイトル | BEST EMPLOYEE MANAGEMENT SYSTEMS 1 Remote Code Execution |
|---|
| 説明 | During the security assessment of "Best Employee Management System", I identified a critical arbitrary file upload vulnerability in the "admin\Operation\User.php" file. This issue arises from the lack of validation on the `$_FILES["website_image"]` input, allowing files to be uploaded without verifying their type or extension. This weakness enables attackers to upload malicious files, such as PHP web shells, which can be executed on the server. Exploitation of this vulnerability can result in remote code execution (RCE), unauthorized access to sensitive data, modification or deletion of application data, and full compromise of the affected system. Immediate remediation is required to enforce strict file type validation and secure file handling to protect system integrity and confidentiality. |
|---|
| ソース | ⚠️ https://github.com/wanidnone-ops/CVE/issues/1 |
|---|
| ユーザー | fudugeek (UID 91138) |
|---|
| 送信 | 2025年10月09日 12:52 (8 月 ago) |
|---|
| モデレーション | 2025年10月10日 14:57 (1 day later) |
|---|
| ステータス | 重複 |
|---|
| VulDBエントリ | 284530 [SourceCodester Best Employee Management System 1.0 /admin/profile.php website_image 特権昇格] |
|---|
| ポイント | 0 |
|---|