| 제목 | BEST EMPLOYEE MANAGEMENT SYSTEMS 1 Remote Code Execution |
|---|
| 설명 | During the security assessment of "Best Employee Management System", I identified a critical arbitrary file upload vulnerability in the "admin\Operation\User.php" file. This issue arises from the lack of validation on the `$_FILES["website_image"]` input, allowing files to be uploaded without verifying their type or extension. This weakness enables attackers to upload malicious files, such as PHP web shells, which can be executed on the server. Exploitation of this vulnerability can result in remote code execution (RCE), unauthorized access to sensitive data, modification or deletion of application data, and full compromise of the affected system. Immediate remediation is required to enforce strict file type validation and secure file handling to protect system integrity and confidentiality. |
|---|
| 원천 | ⚠️ https://github.com/wanidnone-ops/CVE/issues/1 |
|---|
| 사용자 | fudugeek (UID 91138) |
|---|
| 제출 | 2025. 10. 09. PM 12:52 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 10. PM 02:57 (1 day later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 284530 [SourceCodester Best Employee Management System 1.0 /admin/profile.php website_image 권한 상승] |
|---|
| 포인트들 | 0 |
|---|