CVE-2019-20183 PoC — Employee Records System 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-20183.yaml

Associated Vulnerability

Title:Employee Records System 安全漏洞 (CVE-2019-20183)
Description:Employee Records System是一个小型企业员工记录保存系统。 Employee Records System 1.0版本中的uploadimage.php文件存在安全漏洞，该漏洞源于程序仅在客户端验证了文件扩展。攻击者可利用该漏洞上传并执行任意的PHP代码。

Description

Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution.

File Snapshot


 id: CVE-2019-20183

info:
  name: Simple Employee Records System 1.0 - Unrestricted File Upload
  au

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!