| Название | SourceCodester Human Resource Information System V0.1 Unrestricted Upload |
|---|
| Описание | During a comprehensive security assessment of the PHP-based Human Resource Information System, a critical file upload vulnerability was identified in /Superadmin_Dashboard/process/editemployee_process.php. This vulnerability stems from the application's inadequate validation of user-uploaded files. Attackers can exploit this flaw to upload malicious executable files using techniques such as file extension spoofing, MIME type manipulation, or double extension tricks. Once uploaded and executed on the server, these files can lead to significant security breaches, including unauthorized server access and data theft. Crucially, this vulnerability allows unauthenticated attackers to achieve remote code execution by uploading malicious files. Immediate remediation is essential to mitigate these risks. |
|---|
| Источник | ⚠️ https://github.com/lrjbsyh/CVE_Hunter/issues/5#issue-3322736605 |
|---|
| Пользователь | M00n_L33 (UID 88858) |
|---|
| Представление | 14.08.2025 18:06 (8 месяцы назад) |
|---|
| Модерация | 25.08.2025 17:19 (11 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 321345 [SourceCodester Human Resource Information System 1.0 editemployee_process.php employee_file201 эскалация привилегий] |
|---|
| Баллы | 20 |
|---|