File Upload Vulnerability in Sourcecodester Payroll Management System
CVE-2024-34833

Currently unrated

Key Information:

Vendor: Sourcecodester
Status: Payroll Management System
Vendor: CVE Published:; 17 June 2024

Summary

The Payroll Management System v1.0 by Sourcecodester has a vulnerability that allows an unauthorized user to exploit the 'save_settings' page to upload malicious files. This could lead to arbitrary code execution on the server, posing significant security risks. Attackers can leverage this weakness to execute PHP scripts, potentially compromising the entire application and any sensitive data it handles.

References

https://github.com/ShellUnease/payroll-management-system-rce

https://packetstormsecurity.com/files/179106/Payroll-Mana...

EPSS Score

28% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 17, 2024
Vulnerability Reserved
May 9, 2024