← volver
CVE-2024-34833

CVE-2024-34833

CVSS 9.8 CRITICALEPSS 1.9%CWE-434
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · n/a
PoCs públicas encontradas2
githubgithub.com/ShellUnease/CVE-2024-34833-payroll-management-system-rce0cve_referencepacketstormsecurity.com/files/179106/Payroll-Management-System-1.0-Remote-Code-Execution.htmlno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/ShellUnease/payroll-management-system-rcehttps://packetstormsecurity.com/files/179106/Payroll-Management-System-1.0-Remote-Code-Execution.html