CVE-2024-34833

Name of the Vulnerable Software and Affected Versions Sourcecodester Payroll Management System version 1.0

Description The issue allows an unauthenticated attacker to upload a malicious PHP file via the "save settings" page, which is intended for image uploads. This can lead to the execution of arbitrary code as the user running the web server.

Recommendations For Sourcecodester Payroll Management System version 1.0, consider disabling the file upload functionality on the "save settings" page until a patch is available to prevent exploitation. Restrict access to the "save settings" page to minimize the risk of uploading malicious files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.