CVE-2021-36623

CRITICAL

Sourcecodester Phone Shop Sales Management System 1.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-36623. PoCs published by faisalfs10x.

AI-analyzed exploit summary: This exploit demonstrates arbitrary file upload vulnerabilities in Phone Shop Sales Management System 1.0, leading to remote code execution via malicious PHP file uploads in two different endpoints.

Description

Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.

Exploits (1)

exploitdb · WORKING POC
by faisalfs10x · text · webapps · php
https://www.exploit-db.com/exploits/50106

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Phone Shop Sales Management System 1.0
No auth needed
Prerequisites: Access to the web application · Ability to send HTTP POST requests
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50106

Scores

CVSS v3: 9.8
EPSS: 0.0184
EPSS Percentile: 76.1%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-434
Status: published
Products (1): phone_shop_sales_management_system_project/phone_shop_sales_management_system 1.0
Published: Aug 03, 2021
Tracked Since: Feb 18, 2026