| Title | SourceCodester Human Resource Information System V0.1 Unrestricted Upload |
|---|---|
| Description | During a comprehensive security assessment of the PHP-based Human Resource Information System, a critical file upload vulnerability was identified in /Superadmin_Dashboard/process/editemployee_process.php. This vulnerability stems from the application's inadequate validation of user-uploaded files. Attackers can exploit this flaw to upload malicious executable files using techniques such as file extension spoofing, MIME type manipulation, or double extension tricks. Once uploaded and executed on the server, these files can lead to significant security breaches, including unauthorized server access and data theft. Crucially, this vulnerability allows unauthenticated attackers to achieve remote code execution by uploading malicious files. Immediate remediation is essential to mitigate these risks. |
| Source | ⚠️ https://github.com/lrjbsyh/CVE_Hunter/issues/5#issue-3322736605 |
| User | M00n_L33 (UID 88858) |
| Submission | 2025. 08. 14. PM 06:06 (8 months ago) |
| Moderation | 2025. 08. 25. PM 05:19 (11 days later) |
| Status | Accepted |
| VulDB entry | 321345 [SourceCodester Human Resource Information System 1.0 editemployee_process.php employee_file201 privilege escalation] |
| Points | 20 |