Описание
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:skittles:employee_records_system:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.22911
Средний
9.8 Critical
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 9.8
github
3 месяца назад
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation.
EPSS
Процентиль: 96%
0.22911
Средний
9.8 Critical
CVSS3
Дефекты
CWE-434