PT-2022-22218 · Sourcecodester · Sourcecodester Human Resource Management System
Akash Pandey +1 · Published 2022-10-12 · Updated 2024-01-25 · CVE-2022-3458
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Human Resource Management System version 1.0
Description
A critical issue has been found in the Image File Handler component of the SourceCodester Human Resource Management System, specifically affecting an unknown functionality of the file /employeeview.php. This issue leads to unrestricted upload and can be exploited remotely.
Recommendations
For version 1.0, consider disabling the /employeeview.php file or restricting access to it until a patch is available to prevent unrestricted upload. Additionally, restrict access to the Image File Handler component to minimize the risk of exploitation.
Fix
Incorrect Privilege Assignment
Unrestricted File Upload
Related Identifiers
Affected Products
Sourcecodester Human Resource Management System