In Sourcecodester Printable Staff ID Card Creator System 1.0, after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/49877 | Exploit Third Party Advisory VDB Entry |
https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html | Third Party Advisory |
History
20 Jan 2022, 15:24
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-434 | |
First Time | Printable Staff Id Card Creator System Project; Printable Staff Id Card Creator System Project printable Staff Id Card Creator System |
References | (MISC) https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html - Third Party Advisory | |
References | (MISC) https://www.exploit-db.com/exploits/49877 - Exploit, Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:printable_staff_id_card_creator_system_project:printable_staff_id_card_creator_system:1.0:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : 7.5, v3 : 9.8 |
12 Jan 2022, 18:08
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-12 17:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-45411
Mitre link : CVE-2021-45411
CVE.ORG link : CVE-2021-45411
Products Affected
printable_staff_id_card_creator_system_project
- printable_staff_id_card_creator_system
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type