
Vulnerability
uploadID.php in Simple Employee Records System v1.0 can be used to upload PHP files to the server. The files are written to '/uploads/employees_ids/', and no authentication is required. Because the upload is unrestricted, an attacker can gain remote code execution (RCE).
Mitigation / Precaution
- Apply patches provided by the vendor or upgrade the application to a newer version.
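Until the patch is applied, web server access logs can show whether script files in the upload directory have been requested. The following is an added example, not code from the vendor or from this advisory: it assumes combined-format access logs, and the extension list, sample log lines and file names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format: client IP, request method, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
UPLOAD_ENDPOINT = "/uploadID.php"          # endpoint named in the advisory
UPLOAD_DIR = "/uploads/employees_ids/"     # storage path named in the advisory
# Extensions a PHP-enabled server may execute (assumed list; match your config).
# The (?:/|$) tail also catches PATH_INFO style requests such as x.php/foo.
SCRIPT_EXT = re.compile(r"\.(?:php\d?|phtml|phar)(?:/|$)", re.IGNORECASE)

def find_suspicious(lines):
    """Return one finding per request for a script file in the upload directory."""
    uploaders = set()   # clients already seen POSTing to the upload endpoint
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue    # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        # Drop the query string and decode %xx so encoded dots are not missed.
        path = unquote(target.split("?", 1)[0])
        if method == "POST" and path.endswith(UPLOAD_ENDPOINT):
            uploaders.add(ip)
        elif UPLOAD_DIR in path and SCRIPT_EXT.search(path):
            findings.append({
                "ip": ip,
                "path": path,
                "status": int(status),
                "uploaded_first": ip in uploaders,
            })
    return findings

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "POST /uploadID.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2024:10:00:05 +0000] "GET /uploads/employees_ids/sample.php HTTP/1.1" 200 64',
    '203.0.113.9 - - [10/Jan/2024:10:02:11 +0000] "GET /uploads/employees_ids/id_1001.jpg HTTP/1.1" 200 20480',
    '203.0.113.9 - - [10/Jan/2024:10:03:40 +0000] "GET /uploads/employees_ids/test%2Ephtml HTTP/1.1" 404 196',
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 and `uploaded_first` set means the same client posted to the upload endpoint and then had a script file served from the upload directory, which warrants checking the directory contents on disk.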





