CVE-2019-20183
HIGH NUCLEI Employee Records System - Unrestricted File Upload
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.
Nuclei Templates (1)
Simple Employee Records System 1.0 - Unrestricted File Upload
HIGH by pikpikcu, j4vaovo
Scores
CVSS v3: 7.2
EPSS: 0.5502
EPSS Percentile: 98.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-434
Status: published
Products (1): employee_records_system_project/employee_records_system 1.0
Published: Jan 09, 2020
Tracked Since: Feb 18, 2026