Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-4462
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Employee Records System v1.0 Arbitrary File Upload RCE
Source: NVD (National Vulnerability Database)
Vulnerability Description
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
危险类型文件的不加限制上传
Source: NVD (National Vulnerability Database)
Vulnerability Title
Employee Records System 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Employee Records System是一个小型企业员工记录保存系统。 Employee Records System 1.0版本存在安全漏洞,该漏洞源于uploadID.php端点未执行服务器端验证,可能导致远程未经验证的攻击者上传和执行任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Employee Records SystemEmployee Records System 1.0 -
II. Public POCs for CVE-2021-4462
#POC DescriptionSource LinkShenlong Link
1Employee Records System version 1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-4462.yamlPOC Details
2Nonehttps://github.com/Pranjal6955/CVE-2021-4462POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-4462
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same weakness: CWE-434
V. Comments for CVE-2021-4462

No comments yet

Leave a comment