PT-2022-12345 · Unknown · Sourcecodetester Printable Staff Id Card Creator System
Bwnz
·
Published
2022-01-12
·
Updated
2022-01-20
·
CVE-2021-45411
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sourcecodetester Printable Staff ID Card Creator System version 1.0
Description
The issue allows an attacker to compromise the database via SQL injection, then log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.
Recommendations
For Sourcecodetester Printable Staff ID Card Creator System version 1.0, consider disabling the file upload feature until a patch is available to prevent remote code execution. Restrict access to the database to minimize the risk of SQL injection. Avoid using the system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodetester Printable Staff Id Card Creator System