CVE-2020-10225

CRITICAL

PHPGurukul Job Portal 1.0 - Unauthenticated Arbitrary File Upload via admin/gallery.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10225. PoCs published by Tib3rius.

AI-analyzed exploit summary: This exploit targets a file upload vulnerability in Job Portal 1.0, allowing an attacker to upload a malicious PHP file and achieve remote code execution. The script uploads a PHP web shell and verifies its execution by sending a test command.

Description

An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tib3rius · python · webapps · php
https://www.exploit-db.com/exploits/47881

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Job Portal 1.0
No auth needed
Prerequisites: Access to the target URL · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory x_refsource_misc
https://tib3rius.com/cves.html
Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/47881

Scores

CVSS v3 9.8
EPSS 0.0435
EPSS Percentile 90.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-434
Status published
Products (1)
phpgurukul/job_portal 1.0
Published Mar 08, 2020
Tracked Since Feb 18, 2026