Remote Code Execution (RCE) Vulnerability in Sourcecodester Attendance and Payroll System v1.0 via Photo Upload

Remote Code Execution (RCE) Vulnerability in Sourcecodester Attendance and Payroll System v1.0 via Photo Upload

CVE-2021-44087 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.

Learn more about our Web Application Penetration Testing UK.