CVE-2024-34833

Published: Jun 17, 2024Modified: Apr 30, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server.

Affected (1)

Products: Oretnom23: Payroll Management System

1 product

Payroll Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oretnom23 Payroll Management System	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://github.com/ShellUnease/payroll-management-system-rce

Source: cve@mitre.org

ExploitThird Party Advisory

https://packetstormsecurity.com/files/179106/Payroll-Management-System-1.0-Remote-Code-Execution.html

Source: cve@mitre.org

Exploit

https://github.com/ShellUnease/payroll-management-system-rce

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://packetstormsecurity.com/files/179106/Payroll-Management-System-1.0-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.