CVE-2024-4921

Name of the Vulnerable Software and Affected Versions SourceCodester Employee and Visitor Gate Pass Logging System version 1.0

Description A critical vulnerability has been found in the system, affecting an unknown function of the file /employee gatepass/classes/Users.php?f=ssave. The manipulation of the img argument leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.0, patch the system immediately and validate input sanitization to prevent unrestricted upload. As a temporary workaround, consider restricting access to the /employee gatepass/classes/Users.php file to minimize the risk of exploitation. Avoid using the img argument in the affected file until the issue is resolved.