| Title | jkev Personnel Record Management System V1.0 Unrestricted Upload |
|---|
| Description | The employee information entry interface contains a critical, unrestricted file upload vulnerability. This flaw serves as the primary vector for a Remote Code Execution (RCE) attack. Attackers can bypass file type verification and authorization mechanisms to directly upload malicious WebShell scripts to the server. Once the WebShell is successfully uploaded, the attacker instantly gains server-level privileges, achieving full RCE. This allows the attacker to remotely execute arbitrary system commands, alter server configurations, steal core business data, implant ransomware or cryptominers, and potentially pivot laterally to compromise other servers within the internal network. |
|---|
| Source | ⚠️ https://github.com/whatyourname12345/CVE/blob/main/PRMS/cve_Arbitrary%20File%20Upload%20to%20RCE.md |
|---|
| User | chenkh (UID 96588) |
|---|
| Submission | 03/20/2026 03:03 (17 days ago) |
|---|
| Moderation | 04/04/2026 16:45 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 355346 [SourceCodester/jkev Record Management System 1.0 Add Employee Page save_emp.php unrestricted upload] |
|---|
| Points | 20 |
|---|