Simple Employee Records System 1.0 RCE

Jijith Rajan
Published on
16 Jun 2021

The uploadID.php in the Simple Employee Records System v 1.0 can be used to upload php files to the server. Those files will be uploaded to ‘/uploads/employees_ids/’ without any authentication. With the unrestricted file upload the attacker can gain RCE.

Mitigation / Precaution

  • Apply patches provided by the vendor or upgrade the application to a newer version.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Jijith Rajan
Jijith Rajan
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment