CNNVD-202511-889 Information
CNNVD ID
CNNVD-202511-889
Related CVE
- CNNVD Published: 2025-11-10
Description (Chinese)
Employee Records System是一个小型企业员工记录保存系统。 Employee Records System 1.0版本存在安全漏洞,该漏洞源于uploadID.php端点未执行服务器端验证,可能导致远程未经验证的攻击者上传和执行任意文件。
Description (English)
Employee Records Systems is a small business employee record-keeping system. There is a security loophole in version 1.0 of Employee Records System, which stems from the failure of theuploadID.php endpoint to perform server-end authentication, which may lead to the uploading and execution of any file by a remote unverified assailant.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-11-10
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/49596 https://www.vulncheck.com/advisories/employees-records-system-arbitrary-file-upload-rce https://www.sourcecodester.com/php/11393/employee-records-system.html https://access.redhat.com/security/cve/cve-2021-4462
Patch
https://www.sourcecodester.com/php/11393/employee-records-system.html
Share on: