| Название | jkev Personnel Record Management System V1.0 Unrestricted Upload |
|---|
| Описание | The employee information entry interface contains a critical, unrestricted file upload vulnerability. This flaw serves as the primary vector for a Remote Code Execution (RCE) attack. Attackers can bypass file type verification and authorization mechanisms to directly upload malicious WebShell scripts to the server. Once the WebShell is successfully uploaded, the attacker instantly gains server-level privileges, achieving full RCE. This allows the attacker to remotely execute arbitrary system commands, alter server configurations, steal core business data, implant ransomware or cryptominers, and potentially pivot laterally to compromise other servers within the internal network. |
|---|
| Источник | ⚠️ https://github.com/whatyourname12345/CVE/blob/main/PRMS/cve_Arbitrary%20File%20Upload%20to%20RCE.md |
|---|
| Пользователь | chenkh (UID 96588) |
|---|
| Представление | 20.03.2026 03:03 (18 дни назад) |
|---|
| Модерация | 04.04.2026 16:45 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 355346 [SourceCodester/jkev Record Management System 1.0 Add Employee Page save_emp.php эскалация привилегий] |
|---|
| Баллы | 20 |
|---|