Skittles

skittles

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Employee Records System

employee_records_system

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-4462 1Skittles 1Employee Records System Nov 24, 2025 Nov 10, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed...Show more Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-4462

1Skittles

1Employee Records System

Nov 24, 2025

Nov 10, 2025

9.3 CRITICAL· v4

9.8 CRITICAL· v3

N/A· v2

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.Show less