Shellunease

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Payroll Management System version 1.0 **Description** The issue allows an unauthenticated attacker to upload a malicious PHP file via the "save settings" page, which is intended for image uploads. This can lead to the execution of arbitrary code as the user running the web server. **Recommendations** For Sourcecodester Payroll Management System version 1.0, consider disabling the file upload functionality on the "save settings" page until a patch is available to prevent exploitation. Restrict access to the "save settings" page to minimize the risk of uploading malicious files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.