Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Employee Records System File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A file upload vulnerability allowing remote, unauthenticated attackers to upload arbitrary files has been identified in Employee Records System version 1.0. The issue arises from the application's failure to perform proper server-side validation of uploaded files, specifically in the uploadID.php endpoint. Uploaded files can then be executed on the server.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can lead to remote code execution on the server.

Reproduction

To reproduce this vulnerability, send a POST request to the uploadID.php endpoint with a .php file disguised as an image (such as a PNG) using multipart/form-data. The uploaded file will be saved in the '/uploads/employees_ids/' directory, where it can be accessed and executed.
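The root cause named above is missing server-side validation: the endpoint trusts the client's filename and Content-Type, so a script renamed to .png is stored as-is in a web-accessible directory. The following Python example is added here as an illustration of the checks such an endpoint should perform; it is not code from Employee Records System and does not reproduce uploadID.php. It assumes an ID-photo endpoint that only needs to accept PNG and JPEG, a 2 MB size limit, and a storage directory outside the web root (all assumptions); the sample inputs are constructed.

```python
import os
import secrets
from dataclasses import dataclass
from typing import Optional

# Leading bytes ("magic numbers") of the image formats an ID-photo endpoint should accept.
IMAGE_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024  # assumption: ID images are small


@dataclass
class UploadDecision:
    accepted: bool
    reason: str
    stored_name: Optional[str] = None  # server-chosen name, never the client's


def validate_upload(filename: str, content: bytes, declared_type: str) -> UploadDecision:
    """Decide whether an uploaded file may be stored, using only server-side evidence.

    The client's filename and Content-Type are treated as hints that must agree
    with the bytes actually received; the bytes decide.
    """
    if len(content) == 0 or len(content) > MAX_UPLOAD_BYTES:
        return UploadDecision(False, "size out of range")

    # Reject anything that is not a plain file name (directory parts, traversal).
    if filename != os.path.basename(filename) or filename in ("", ".", ".."):
        return UploadDecision(False, "filename contains path components")

    _, dot, ext = filename.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in IMAGE_SIGNATURES:
        return UploadDecision(False, f"extension {ext!r} not allowed")

    # The declared MIME type must match the extension, but is not sufficient by itself.
    expected_mime = "image/jpeg" if ext in ("jpg", "jpeg") else "image/png"
    if declared_type.split(";")[0].strip().lower() != expected_mime:
        return UploadDecision(False, "declared Content-Type does not match extension")

    # The bytes must start with the signature of the claimed image format; a PHP
    # script renamed to .png fails here regardless of its name or headers.
    if not content.startswith(IMAGE_SIGNATURES[ext]):
        return UploadDecision(False, "content does not match claimed image format")

    # Store under a random server-generated name so the client cannot choose
    # an executable extension or a double extension such as x.php.png.
    stored = f"{secrets.token_hex(16)}.{ext}"
    return UploadDecision(True, "ok", stored)


def save_upload(decision: UploadDecision, content: bytes, upload_dir: str) -> str:
    """Write an accepted upload to upload_dir, which should sit outside the web root."""
    if not decision.accepted or decision.stored_name is None:
        raise ValueError("refusing to save a rejected upload")
    os.makedirs(upload_dir, exist_ok=True)
    path = os.path.join(upload_dir, decision.stored_name)
    # O_EXCL: fail rather than overwrite if the random name already exists.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path


# Constructed sample uploads (not captured traffic).
REAL_PNG = IMAGE_SIGNATURES["png"] + b"\x00" * 32
DISGUISED_SCRIPT = b"<?php /* constructed placeholder, not an image */ ?>"

if __name__ == "__main__":
    for name, data, ctype in [
        ("id.png", REAL_PNG, "image/png"),
        ("id.png", DISGUISED_SCRIPT, "image/png"),
        ("id.php", REAL_PNG, "image/png"),
        ("../id.png", REAL_PNG, "image/png"),
    ]:
        d = validate_upload(name, data, ctype)
        print(f"{name:12} accepted={d.accepted} reason={d.reason}")
```

The ordering matters for the failure mode this advisory describes: the magic-byte check is what rejects a script whose name and Content-Type both say "image", and the server-generated filename is what prevents a double extension from ever reaching the filesystem. Keeping the storage directory outside the document root (and serving images through a handler that sets a fixed Content-Type) removes the execution path even if a later validation bug lets a script through.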

Added: Nov 10, 2025, 11:24 PM
Updated: Nov 10, 2025, 11:24 PM

Vulnerability Rating

Custom Algorithm

  spread          0.3
  impact          7.5
  exploitability  9.4
  remediation     0.0
  relevance       0.9
  threat          8.4
  urgency         2.9
  incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.