CVE-2021-45411

CRITICAL

Printable Staff ID Card Creator System 1.0 - Authenticated Remote Code Execution via Arbitrary File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-45411. PoCs published by bwnz.

AI-analyzed exploit summary: This writeup describes an SQL injection vulnerability in Printable Staff ID Card Creator System 1.0, followed by an authenticated arbitrary file upload leading to RCE. It includes SQLMap payloads and steps for exploitation.

Description

In Sourcecodetester Printable Staff ID Card Creator System 1.0, after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.

Exploits (1)

exploitdb WRITEUP
by bwnz · text · webapps · php
https://www.exploit-db.com/exploits/49877

Classification: Writeup 90%
Attack Type: SQLi | RCE
Complexity: Moderate
Reliability: Reliable
Target: Printable Staff ID Card Creator System 1.0
No auth needed
Prerequisites: access to login page · Burp Suite or SQLMap for SQLi · valid credentials for RCE
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49877

Scores

CVSS v3 9.8
EPSS 0.0386
EPSS Percentile 88.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
printable_staff_id_card_creator_system_project/printable_staff_id_card_creator_system 1.0
Published Jan 12, 2022
Tracked Since Feb 18, 2026