CVE-2024-1008

Published: Jan 29, 2024Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252277 was assigned to this vulnerability.

Affected (1)

Products: Razormist: Employee Management System

1 product

Employee Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Razormist Employee Management System	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

https://vuldb.com/?ctiid.252277

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?id.252277

Source: cna@vuldb.com

Third Party Advisory

https://www.youtube.com/watch?v=z4gcLZCOcnc

Source: cna@vuldb.com

Exploit

https://vuldb.com/?ctiid.252277

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://vuldb.com/?id.252277

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.youtube.com/watch?v=z4gcLZCOcnc

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.