| Title | jkev Personnel Record Management System V1.0 Unrestricted Upload |
|---|---|
| Description | The employee information entry interface contains a critical, unrestricted file upload vulnerability. This flaw serves as the primary vector for a Remote Code Execution (RCE) attack. Attackers can bypass file type verification and authorization mechanisms to directly upload malicious WebShell scripts to the server. Once the WebShell is successfully uploaded, the attacker instantly gains server-level privileges, achieving full RCE. This allows the attacker to remotely execute arbitrary system commands, alter server configurations, steal core business data, implant ransomware or cryptominers, and potentially pivot laterally to compromise other servers within the internal network. |
| Source | ⚠️ https://github.com/whatyourname12345/CVE/blob/main/PRMS/cve_Arbitrary%20File%20Upload%20to%20RCE.md |
| User | chenkh (UID 96588) |
| Submission | 2026-03-20 03:03 AM (17 days ago) |
| Moderation | 2026-04-04 04:45 PM (16 days later) |
| Status | Accepted |
| VulDB Entry | 355346 [SourceCodester/jkev Record Management System 1.0 Add Employee Page save_emp.php privilege escalation] |
| Points | 20 |