| Título | SourceCodester Human Resource Information System V0.1 Unrestricted Upload |
|---|
| Descrição | During a comprehensive security assessment of the PHP-based Human Resource Information System, a critical file upload vulnerability was identified in /Superadmin_Dashboard/process/editemployee_process.php. This vulnerability stems from the application's inadequate validation of user-uploaded files. Attackers can exploit this flaw to upload malicious executable files using techniques such as file extension spoofing, MIME type manipulation, or double extension tricks. Once uploaded and executed on the server, these files can lead to significant security breaches, including unauthorized server access and data theft. Crucially, this vulnerability allows unauthenticated attackers to achieve remote code execution by uploading malicious files. Immediate remediation is essential to mitigate these risks. |
|---|
| Fonte | ⚠️ https://github.com/lrjbsyh/CVE_Hunter/issues/5#issue-3322736605 |
|---|
| Utilizador | M00n_L33 (UID 88858) |
|---|
| Submissão | 14/08/2025 18h06 (há 8 meses) |
|---|
| Moderação | 25/08/2025 17h19 (11 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 321345 [SourceCodester Human Resource Information System 1.0 editemployee_process.php employee_file201 Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|