Employee Records System 1.0 - Unauthenticated File Upload RCE

Employee Records System version 1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. id: CVE-2021-4462 info: name: Employee Records System 1.0 - Unauthenticated File...

CVE-2019-20183

uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...

Exploit for Unrestricted Upload of File with Dangerous Type in Skittles Employee_Records_System

CVE-2021-4462 Test Environment Docker-based test environment...

CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation...

EUVD-2021-34713

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation...

CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

CVE-2021-4462

Employee Records System v1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote, unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. Exploitation evidence is reported (Shadowserver Foundation, 2025-02-06 UTC). Affected comp...

CVE-2021-4462 Employee Records System v1.0 Arbitrary File Upload RCE

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

CVE-2021-4462 Employee Records System v1.0 Arbitrary File Upload RCE

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

VulnCheck KEV: CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

PT-2025-46216

Name of the Vulnerable Software and Affected Versions Employee Records System version 1.0 Description The Employee Records System version 1.0 has an unrestricted file upload issue. A remote, unauthenticated attacker can upload arbitrary files through the uploadID.php endpoint. The application lac...

Employee Records System 安全漏洞

Employee Records System is a small business employee record keeping system. A security vulnerability exists in Employee Records System version 1.0, which stems from a failure to perform server-side validation on the uploadID.php endpoint, which could allow a remote, unauthenticated attacker to...

CVE-2025-5782

A vulnerability, which was classified as critical, has been found in PHPGurukul Employee Record Management System 1.3. Affected by this issue is some unknown functionality of the file /resetpassword.php. The manipulation of the argument newpassword leads to sql injection. The attack may be launch...

CVE-2025-5211

A vulnerability was found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This issue affects some unknown processing of the file /myprofile.php. The manipulation of the argument EmpCode leads to sql injection. The attack may be initiated remotely. The exploit has...

CVE-2025-5212

A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been classified as critical. Affected is an unknown function of the file /admin/editempexp.php. The manipulation of the argument emp1name leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-4191

A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg/yophsc leads to sql injection. The attack can be...

CVE-2021-43451

SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php...

CVE-2019-20183

uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...

CVE-2019-20183

uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...

Design/Logic Flaw

uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...