Unrestricted Photo Upload Vulnerability in SourceCodester Prison Management System 1.0
CVE-2024-4500
8.8HIGH
What is CVE-2024-4500?
A serious vulnerability has been identified in the SourceCodester Prison Management System version 1.0. This flaw resides in the 'edit-photo.php' file where the 'userImage' argument can be manipulated, allowing for unrestricted file uploads. This opens the door for remote attackers to upload malicious files to the server, potentially leading to severe security breaches. The exploit has been made public, raising concerns over its potential for misuse in targeted attacks.
Affected Version(s)
Prison Management System 1.0