50 matches found
Employee Records System 1.0 - Unauthenticated File Upload RCE
Employee Records System version 1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. id: CVE-2021-4462 info: name: Employee Records System 1.0 - Unauthenticated File...
ShinyHunters Claims 1 Petabyte Data Theft from Telecom Giant Telus
ShinyHunters claims it stole up to 1 petabyte of data from Telus Digital, including support recordings, code, and employee records after a breach...
WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2019-20183
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...
CVE-2025-13990
The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete...
30,000 Korean Air Employee Records Stolen as Cl0p Leaks Data Online
Korean Air confirms a major data leak affecting 30,000 staff members after the Cl0p gang targeted a catering partner. Learn what data was stolen and the airline’s response to secure its data...
Exploit for Unrestricted Upload of File with Dangerous Type in Skittles Employee_Records_System
CVE-2021-4462 Test Environment Docker-based test environment...
CVE-2021-4462
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation...
EUVD-2021-34713
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation...
CVE-2021-4462
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...
CVE-2021-4462 Employee Records System v1.0 Arbitrary File Upload RCE
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...
CVE-2021-4462 Employee Records System v1.0 Arbitrary File Upload RCE
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...
CVE-2021-4462
Employee Records System v1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote, unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. Exploitation evidence is reported (Shadowserver Foundation, 2025-02-06 UTC). Affected comp...
PT-2025-46216
Name of the Vulnerable Software and Affected Versions Employee Records System version 1.0 Description The Employee Records System version 1.0 has an unrestricted file upload issue. A remote, unauthenticated attacker can upload arbitrary files through the uploadID.php endpoint. The application lac...
Employee Records System 安全漏洞
Employee Records System is a small business employee record keeping system. A security vulnerability exists in Employee Records System version 1.0, which stems from a failure to perform server-side validation on the uploadID.php endpoint, which could allow a remote, unauthenticated attacker to...
VulnCheck KEV: CVE-2021-4462
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...
Everest Ransomware Claims AT&T Careers Breach with 576K Records
Everest ransomware group claims a breach of AT&T Careers, alleging theft of 576,000 applicant and employee records locked behind a password-protected listing...
EUVD-2025-12813
Malicious code in bioql PyPI...
EUVD-2025-17324
Malicious code in bioql PyPI...
PHPGurukul Employee Record Management System in PHP and MySQL 安全漏洞
PHPGurukul Employee Record Management System in PHP and MySQL is a php and mysql based employee record management system from PHPGurukul. A security vulnerability exists in PHPGurukul Employee Record Management System in PHP and MySQL v1, which originates from a SQL injection vulnerability in the...