Simple Employee Records System 1.0 RCE

By Jijith Rajan
Published on 16 Jun 2021

Vulnerability

The uploadID.php script in Simple Employee Records System v1.0 accepts PHP files for upload without any authentication and stores them under ‘/uploads/employees_ids/’. Because the upload is unrestricted, an attacker can use it to gain remote code execution (RCE) on the server.

Mitigation / Precaution

  • Apply patches provided by the vendor or upgrade the application to a newer version.
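
A defender-side check to run alongside patching, added here as an example and not taken from the advisory or the vendor: it walks a copy of the ‘/uploads/employees_ids/’ directory and reports files that carry a script extension or contain a PHP opening tag. The extension list, the marker list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions a typical PHP-enabled web server may pass to the interpreter.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".pht", ".php3", ".php4", ".php5", ".php7"}
# PHP opening tags, compared case-insensitively against file content.
PHP_MARKERS = (b"<?php", b"<?=")

def audit_upload_dir(root):
    """Return sorted (relative_path, reason) pairs for files that look like PHP code."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            # Inspect every dot-separated part so "id.php.jpg" is reported too.
            parts = {"." + p.lower() for p in name.split(".")[1:]}
            if parts & SCRIPT_EXTS:
                findings.append((rel, "script extension"))
                continue
            # An ID upload should be an image; a PHP tag inside it needs review.
            with open(path, "rb") as fh:
                head = fh.read(64 * 1024).lower()
            if any(marker in head for marker in PHP_MARKERS):
                findings.append((rel, "PHP tag in content"))
    return sorted(findings)

def build_sample_dir():
    """Constructed sample data standing in for uploads/employees_ids/."""
    root = tempfile.mkdtemp(prefix="employees_ids_")
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 32  # minimal JPEG-like header
    samples = {
        "id_0001.jpg": jpeg,
        "id_0002.php": b"<?php echo 'placeholder'; ?>",
        "id_0003.php.jpg": jpeg,
        "id_0004.png": b"\x89PNG\r\n\x1a\n<?php echo 'placeholder'; ?>",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel, reason in audit_upload_dir(build_sample_dir()):
        print(f"{rel}: {reason}")
```

Any hit in a directory that should hold only ID images is worth treating as a possible compromise and reviewing against the web server's access logs.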

Written by Jijith Rajan, Cyber Security Engineer