Arbitrary File Upload Vulnerability in Sourcecodester Online ID Generator System
CVE-2024-40071

9.8CRITICAL

Key Information:

Vendor: Sourcecodester
Status: Online ID Generator System
Vendor: CVE Published:; 16 April 2025

Summary

The Online ID Generator System by Sourcecodester version 1.0 is vulnerable to an arbitrary file upload issue, found in the SystemSettings.php file under the update_settings function. This flaw enables attackers to upload and execute malicious PHP files on the server, potentially leading to unauthorized code execution and severe security breaches. It is crucial for users of this application to apply security updates and follow best practices to mitigate risks associated with this vulnerability.

References

https://github.com/DiliLearngent/BugReport/blob/main/php/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Jul 5, 2024