Описание
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.
EPSS
Процентиль: 98%
0.56083
Средний
CVE ID
Связанные уязвимости
CVSS3: 7.2
nvd
около 6 лет назад
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.
EPSS
Процентиль: 98%
0.56083
Средний