CVE-2024-40071

Published: Apr 16, 2025Modified: Apr 22, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Affected (1)

Products: Oretnom23: Online Id Generator System

1 product

Online Id Generator System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oretnom23 Online Id Generator System	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug2-File-upload-img.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/DiliLearngent/BugReport/blob/main/php/Online-ID-Generator-System/bug2-File-upload-img.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.