Arbitrary File Upload Vulnerability in Sourcecodester Online ID Generator System
CVE-2024-40071

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 16 April 2025

Summary

The Online ID Generator System by Sourcecodester, version 1.0, is vulnerable to arbitrary file upload in the update_settings function of the SystemSettings.php file. The flaw enables attackers to upload and execute malicious PHP files on the server, potentially leading to unauthorized code execution and severe security breaches. Users of this application should apply security updates and follow best practices to mitigate the risks associated with this vulnerability.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
