| Field | Value |
|---|---|
| Title | https://www.sourcecodester.com/users/walterjnr1 https://www.sourcecodester.com/php/16999/employee-management-system.html v1.0 Authenticated File upload bypass to RCE |
| Description | An authenticated file upload vulnerability was found, making it possible to successfully perform a bypass, and with this, we can upload a webshell for example, getting RCE, the vulnerability is found in the function called "edit-photo.php". |
| Source | ⚠️ https://www.youtube.com/watch?v=z4gcLZCOcnc |
| User | mtzsec (UID 52162) |
| Submission | 01/24/2024 03:37 (2 years ago) |
| Moderation | 01/29/2024 08:15 (5 days later) |
| Status | Accepted |
| VulDB entry | 252277 [SourceCodester Employee Management System 1.0 Profile Page edit-photo.php unrestricted upload] |
| Points | 13 |