Unrestricted File Upload Vulnerability in Employee Management System 1.0
CVE-2024-2394

9.8CRITICAL

Key Information:

Vendor

Sourcecodester
Status
Employee Management System
Vendor
CVE Published:
12 March 2024

Badges

👾 Exploit Exists

What is CVE-2024-2394?

An unrestricted upload vulnerability exists in the SourceCodester Employee Management System 1.0, allowing remote attackers to upload arbitrary files through the 'avatar' argument of the /Admin/add-admin.php file. This flaw can lead to significant security risks, including unauthorized access and system compromise. The attack can be initiated remotely, making it a serious concern for users of this software. Immediate action is recommended to mitigate potential threats.

Affected Version(s)

Employee Management System 1.0

References

https://vuldb.com/?id.256454
vdb-entrytechnical-description
https://vuldb.com/?ctiid.256454
signaturepermissions-required
https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

LiAoRJ (VulDB User)
JSON
.