CVE-2024-1008

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252277 was assigned to this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:razormist:employee_management_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:49

Type Values Removed Values Added
CVSS v2 : 5.8
v3 : 7.2
v2 : 5.8
v3 : 4.7
References () https://vuldb.com/?ctiid.252277 - Third Party Advisory () https://vuldb.com/?ctiid.252277 - Third Party Advisory
References () https://vuldb.com/?id.252277 - Third Party Advisory () https://vuldb.com/?id.252277 - Third Party Advisory
References () https://www.youtube.com/watch?v=z4gcLZCOcnc - Exploit () https://www.youtube.com/watch?v=z4gcLZCOcnc - Exploit

01 Feb 2024, 04:18

Type Values Removed Values Added
First Time Razormist
Razormist employee Management System
References () https://vuldb.com/?ctiid.252277 - () https://vuldb.com/?ctiid.252277 - Third Party Advisory
References () https://vuldb.com/?id.252277 - () https://vuldb.com/?id.252277 - Third Party Advisory
References () https://www.youtube.com/watch?v=z4gcLZCOcnc - () https://www.youtube.com/watch?v=z4gcLZCOcnc - Exploit
CPE cpe:2.3:a:razormist:employee_management_system:1.0:*:*:*:*:*:*:*
Summary
  • (es) Se encontró una vulnerabilidad en SourceCodester Employee Management System 1.0. Ha sido declarada crítica. Una función desconocida del archivo edit-photo.php del componente Profile Page es afectada por esta vulnerabilidad. La manipulación conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. La explotación ha sido divulgada al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-252277.
CVSS v2 : 5.8
v3 : 4.7
v2 : 5.8
v3 : 7.2

29 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-29 16:15

Updated : 2024-11-21 08:49


NVD link : CVE-2024-1008

Mitre link : CVE-2024-1008

CVE.ORG link : CVE-2024-1008


JSON object : View

Products Affected

razormist

  • employee_management_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type