Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4273

A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability.

Published

2022-12-03T09:15:10.207

Last Modified

2024-11-21T07:34:55.130

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses

Type: Secondary
CWE-266
Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oretnom23	human_resource_management_system	1.0	Yes

References

https://github.com/leecybersec/bug-report/tree/main/sourcecodester/oretnom23/hrm/bypass-fileupload-rce Exploit, Third Party Advisory ([email protected])
https://vuldb.com/?id.214769 Permissions Required, Third Party Advisory, VDB Entry ([email protected])
https://github.com/leecybersec/bug-report/tree/main/sourcecodester/oretnom23/hrm/bypass-fileupload-rce Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?id.214769 Permissions Required, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)