SourceCodester Attendance and Payroll System 1.0 Unrestricted File Upload Vulnerability (CVE-2024-10420)

### Key Information 1. **Vulnerability ID**: - VDB-281961 - CVE-2024-10420 2. **Vulnerability Name**: - SourceCodester Attendance and Payroll System 1.0 Update.php Upload Image Unrestricted Upload 3. **CVSS Meta Temp Score**: - 5.7 4. **Current Exploit Price**: - $0-$5k 5. **CTI Interest Score**: - 1.69 6. **Vulnerability Description**: - A vulnerability labeled as "Critical" exists in the file `/marimar/guest/update.php` of SourceCodester Attendance and Payroll System 1.0. Manipulation of the `image` parameter via unknown input leads to an unrestricted file upload vulnerability. CWE classifies this issue as CWE-434. The product allows attackers to upload or transmit files of dangerous types that can be automatically processed within the product’s environment. 7. **Impact**: - Affects confidentiality, integrity, and availability. 8. **Public Information**: - Public information about the vulnerability can be found on github.com. - The unique identifier for the vulnerability is CVE-2024-10420. - Exploitability is described as easy. - The attack can be initiated remotely. - Technical details and public exploits are known. - MITRE ATT&CK framework references attack technique T1608.002. 9. **Exploit Tools**: - Exploit tools are available for download on github.com. - Declared as proof-of-concept. 10. **Search Suggestions**: - Search for `inurl:marimar/guest/update.php` to identify vulnerable targets. 11. **Recommended Actions**: - No known remediation is available. - It is recommended to replace the affected component. 12. **Related Vulnerability IDs**: - VDB-256511 - VDB-260575 - VDB-263337 - VDB-270337 13. **Product Information**: - Product Name: SourceCodester Attendance and Payroll System 1.0 - Vendor: SourceCodester ### Summary This vulnerability is an unrestricted file upload flaw affecting the `/marimar/guest/update.php` file in SourceCodester Attendance and Payroll System 1.0. The CVSS Meta Temp Score is 5.7, with a current exploit price ranging from $0 to $5k and a CTI interest score of 1.69. Public information and exploit tools are available on github.com. As a mitigation, replacing the affected component is recommended.

Goal Reached Thanks to every supporter — we hit 100%!

SourceCodester Attendance and Payroll System 1.0 Unrestricted File Upload Vulnerability (CVE-2024-10420)

More from this source