CVE-2021-4462 PoC — Employee Records System 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-4462.yaml

Associated Vulnerability

Title:Employee Records System 安全漏洞 (CVE-2021-4462)
Description:Employee Records System是一个小型企业员工记录保存系统。 Employee Records System 1.0版本存在安全漏洞，该漏洞源于uploadID.php端点未执行服务器端验证，可能导致远程未经验证的攻击者上传和执行任意文件。

Description

Employee Records System version 1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution.

File Snapshot


 id: CVE-2021-4462

info:
  name: Employee Records System 1.0 - Unauthenticated File Upload RCE
  aut

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!