Arbitrary File Upload Vulnerability in Sourcecodester Online ID Generator System
CVE-2024-40071
9.8 CRITICAL
Summary
The Online ID Generator System by Sourcecodester, version 1.0, is vulnerable to arbitrary file upload in the update_settings function of the SystemSettings.php file. This flaw enables attackers to upload and execute malicious PHP files on the server, potentially leading to unauthorized code execution and severe security breaches. Users of this application should apply security updates and follow best practices to mitigate the risks associated with this vulnerability.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved