Arbitrary File Upload Vulnerability in Sourcecodester Online ID Generator System
CVE-2024-40071

Currently unrated

Key Information:

Vendor: Sourcecodester
Status: Online ID Generator System
Vendor: CVE Published:; 16 April 2025

Summary

The Online ID Generator System by Sourcecodester version 1.0 is vulnerable to an arbitrary file upload issue, found in the SystemSettings.php file under the update_settings function. This flaw enables attackers to upload and execute malicious PHP files on the server, potentially leading to unauthorized code execution and severe security breaches. It is crucial for users of this application to apply security updates and follow best practices to mitigate risks associated with this vulnerability.

References

https://github.com/DiliLearngent/BugReport/blob/main/php/...

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Jul 5, 2024