CVE-2024-34833

CRITICAL

Sourcecodester Payroll Management System 1.0 - Unauthenticated Arbitrary File Upload via Image Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-34833. PoCs published by ShellUnease.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-34833, targeting an unauthenticated file upload vulnerability in Payroll Management System v1.0. The exploit uploads a PHP reverse shell via the 'save_settings' endpoint and attempts to trigger it by guessing the timestamp-prefixed filename.

Description

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server.

Exploits (1)

nomisec WORKING POC

by ShellUnease · poc

https://github.com/ShellUnease/CVE-2024-34833-payroll-management-system-rce

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-34833, targeting an unauthenticated file upload vulnerability in Payroll Management System v1.0. The exploit uploads a PHP reverse shell via the 'save_settings' endpoint and attempts to trigger it by guessing the timestamp-prefixed filename.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Payroll Management System v1.0

No auth needed

Prerequisites: Network access to the target web application · Ability to receive reverse shell connections

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/ShellUnease/payroll-management-system-rce

Exploit

https://packetstormsecurity.com/files/179106/Payroll-Management-System-1.0-Remote-Code-Execution.html

Scores

CVSS v3 9.8

EPSS 0.0192

EPSS Percentile 77.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

oretnom23/payroll_management_system 1.0

Published Jun 17, 2024

Tracked Since Feb 18, 2026