ShellUnease

1 exploit Active since Jun 2024
CVE-2024-34833 NOMISEC CRITICAL WORKING POC
Sourcecodester Payroll Management System 1.0 - Unauthenticated Arbitrary File Upload via Image Upload
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server.
CVSS 9.8