| Название | BEST EMPLOYEE MANAGEMENT SYSTEMS 1 Remote Code Execution |
|---|
| Описание | During the security assessment of "Best Employee Management System", I identified a critical arbitrary file upload vulnerability in the "admin\Operation\User.php" file. This issue arises from the lack of validation on the `$_FILES["website_image"]` input, allowing files to be uploaded without verifying their type or extension. This weakness enables attackers to upload malicious files, such as PHP web shells, which can be executed on the server. Exploitation of this vulnerability can result in remote code execution (RCE), unauthorized access to sensitive data, modification or deletion of application data, and full compromise of the affected system. Immediate remediation is required to enforce strict file type validation and secure file handling to protect system integrity and confidentiality. |
|---|
| Источник | ⚠️ https://github.com/wanidnone-ops/CVE/issues/1 |
|---|
| Пользователь | fudugeek (UID 91138) |
|---|
| Представление | 09.10.2025 12:52 (8 месяцы назад) |
|---|
| Модерация | 10.10.2025 14:57 (1 day later) |
|---|
| Статус | Дубликат |
|---|
| Запись VulDB | 284530 [SourceCodester Best Employee Management System 1.0 /admin/profile.php website_image эскалация привилегий] |
|---|
| Баллы | 0 |
|---|