CVE-2019-20183
Published 2020-01-09
Priority: P352 · Severity: high · 7.2 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 6.72% (93.1st percentile)
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| employee_records_system_project | employee_records_system | — | — |
Detection & IOCs (extracted from sources)
- Monitor GET requests to /uploads/employees_ids/ for .php file access, which would indicate successful webshell upload and execution.
- Use the regex pattern '(?:[a-zA-Z0-9+\/])*_poc.php' to identify uploaded PHP webshell filenames in server responses after upload to the employee IDs upload directory.
- The X-Requested-With: XMLHttpRequest header is used in the exploit request; correlate with multipart/form-data uploads containing PHP files to /dashboard/uploadID.php.
- File extension validation is implemented only on the client side (global.js), meaning server-side controls are absent. An attacker can bypass validation entirely by modifying the JavaScript before submission, without any server-side enforcement to detect or block.
- The exploit uploads a file with Content-Type: image/png while the actual filename has a .php extension, so MIME-type-based detection alone is insufficient to catch this attack.
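As an added defensive example (not code from the advisory, the vendor, or the template authors), the detection notes above applied to web-server access logs in combined log format: the upload endpoint, upload directory and `_poc.php` filename pattern come from the notes; the log lines, client addresses and filenames are constructed.

```python
import re
from dataclasses import dataclass

# Paths and filename pattern quoted in the advisory's detection notes.
UPLOAD_ENDPOINT = "/dashboard/uploadID.php"
UPLOAD_DIR = "/uploads/employees_ids/"
POC_NAME = re.compile(r"(?:[a-zA-Z0-9+\/])*_poc.php")

# Combined log format (Apache/nginx default); only the fields we need are named.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

@dataclass
class Finding:
    ip: str
    path: str
    reason: str

def scan_access_log(lines):
    """Flag PHP files requested from the employee-ID upload directory, and rank
    the hit higher when the name matches the PoC pattern or the same client
    POSTed to the upload endpoint earlier in the log."""
    findings, uploaders = [], set()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        ip, method, status = m["ip"], m["method"], m["status"]
        path = m["path"].split("?", 1)[0]  # drop any query string
        if method == "POST" and path == UPLOAD_ENDPOINT:
            uploaders.add(ip)
        elif method == "GET" and path.startswith(UPLOAD_DIR) and path.lower().endswith(".php"):
            name = path.rsplit("/", 1)[1]
            if POC_NAME.fullmatch(name):
                reason = "PoC webshell filename pattern"
            elif ip in uploaders:
                reason = "upload then PHP execution from same client"
            else:
                reason = "PHP requested from upload directory"
            if status == "200":
                reason += " (HTTP 200)"
            findings.append(Finding(ip, path, reason))
    return findings

# Constructed sample log: one upload-then-execute sequence, one benign image, one probe.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jan/2020:10:00:01 +0000] "POST /dashboard/uploadID.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [09/Jan/2020:10:00:02 +0000] "GET /uploads/employees_ids/1578564001_poc.php HTTP/1.1" 200 48',
    '198.51.100.3 - - [09/Jan/2020:10:05:00 +0000] "GET /uploads/employees_ids/1578564400.png HTTP/1.1" 200 20481',
    '198.51.100.9 - - [09/Jan/2020:10:06:00 +0000] "GET /uploads/employees_ids/shell.PHP HTTP/1.1" 404 220',
]
```

The extension check is case-insensitive because a server-side allow-list that is not would still serve `.PHP` as code on case-insensitive handler configurations.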
CVSS provenance
- NVD, CVSS v3.1: 7.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v2.0: 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P
No detection rules found.
Nuclei
CVE-2019-20183 [HIGH] Simple Employee Records System 1.0 - Unrestricted File Upload (nuclei · CVSS 7.2)
Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution.
Template:

```yaml
id: CVE-2019-20183

info:
  name: Simple Employee Records System 1.0 - Unrestricted File Upload
  author: pikpikcu,j4vaovo
  severity: high
  description: |
    Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution.
  impact: |
    Successful exploitation of this vulnerability can result in unauthorized acces
```