CVE-2019-20183
published 2020-01-09


Priority: P352 high
CVSS 3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Exploit: available
EPSS: 6.72% (93.1th percentile)
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.

Affected (1 range)

Vendor: employee_records_system_project
Product: employee_records_system
Version range: not listed
Fixed in: not listed

Detection & IOCs (extracted from sources)

path: /dashboard/uploadID.php
path: /uploads/employees_ids/
filename: poc.php
filename: uploadimage.php
  • Monitor GET requests to /uploads/employees_ids/ for .php file access, which would indicate successful webshell upload and execution.
  • Use the regex pattern '(?:[a-zA-Z0-9+\/])*_poc.php' to identify uploaded PHP webshell filenames in server responses after upload to the employee IDs upload directory.
  • The X-Requested-With: XMLHttpRequest header is used in the exploit request; correlate with multipart/form-data uploads containing PHP files to /dashboard/uploadID.php.
  • File extension validation is implemented only on the client side (global.js), meaning server-side controls are absent. An attacker can bypass validation entirely by modifying the JavaScript before submission, without any server-side enforcement to detect or block.
  • The exploit uploads a file with Content-Type: image/png while the actual filename has a .php extension, so MIME-type-based detection alone is insufficient to catch this attack.
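The first three detection points above (a .php request under /uploads/employees_ids/, the PoC filename pattern, and correlation with a POST to /dashboard/uploadID.php) can be applied to web-server access logs. The script below is an added example, not code from cvebase or from Employee Records System; the log lines, client addresses and filenames in it are constructed for illustration.

```python
import re

# Constructed sample access-log lines (combined log format); not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Jan/2020:10:01:02 +0000] "POST /dashboard/uploadID.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [09/Jan/2020:10:01:09 +0000] "GET /uploads/employees_ids/YWRtaW4_poc.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Jan/2020:10:02:00 +0000] "GET /uploads/employees_ids/1234.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Jan/2020:10:03:00 +0000] "GET /uploads/employees_ids/x.PHP HTTP/1.1" 404 0 "-" "curl/7.64"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Upload handler and upload directory named in the advisory.
UPLOAD_HANDLER = "/dashboard/uploadID.php"
UPLOAD_DIR = "/uploads/employees_ids/"
# Filename pattern from the advisory (dot escaped here so it matches a literal ".php").
POC_NAME_RE = re.compile(r'(?:[a-zA-Z0-9+\/])*_poc\.php')


def classify(line):
    """Return (ip, path, label) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, path = m.group("ip"), m.group("path").split("?", 1)[0]
    if m.group("method") == "POST" and path == UPLOAD_HANDLER:
        return ip, path, "upload_request"
    if path.startswith(UPLOAD_DIR) and path.lower().endswith(".php"):
        if POC_NAME_RE.fullmatch(path[len(UPLOAD_DIR):]):
            return ip, path, "poc_webshell_access"
        return ip, path, "php_in_upload_dir"
    return None


def scan(log_text):
    """Scan log text; mark .php access from a client that earlier hit the upload handler."""
    uploaders, findings = set(), []
    for line in log_text.splitlines():
        hit = classify(line)
        if not hit:
            continue
        ip, path, label = hit
        if label == "upload_request":
            uploaders.add(ip)
        findings.append({"ip": ip, "path": path, "label": label,
                         "after_upload": label != "upload_request" and ip in uploaders})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with after_upload set is the strongest signal here: the same client posted to the upload handler and then requested a .php file from the upload directory. Treat a 404 on such a request as a probe worth noting rather than a confirmed execution.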

CVSS provenance

NVD v3.1: 7.2 HIGH, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P