SourceCodester Employee Management System Profile Page edit-photo.php unrestricted upload
CVE-2024-1008
Key Information:
- Vendor
SourceCodester
- Vendor
- CVE Published:
- 29 January 2024
Badges
What is CVE-2024-1008?
In the SourceCodester Employee Management System version 1.0, a vulnerability exists within the edit-photo.php functionality of the Profile Page component. This flaw permits an unauthorized user to upload files without restrictions, leading to significant security risks. The vulnerability is exploitable remotely, allowing attackers to potentially execute malicious code or perform unauthorized actions on the web server. Due to public disclosure, the urgency for organizations using this software to implement protective measures against potential attacks is heightened. Regular monitoring and timely updates are essential to safeguard sensitive data and maintain system integrity.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Employee Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved