CVE-2021-45411

CRITICAL

Printable Staff ID Card Creator System - Unrestricted File Upload

Title source: rule

Description

In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.

Exploits (1)

exploitdb WRITEUP

by bwnz · textwebappsphp

https://www.exploit-db.com/exploits/49877

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49877

Scores

CVSS v3 9.8

EPSS 0.0321

EPSS Percentile 87.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

printable_staff_id_card_creator_system_project/printable_staff_id_card_creator_system 1.0

Published Jan 12, 2022

Tracked Since Feb 18, 2026