CVE-2024-10420

CWE-434Unrestricted File Upload3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 65.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Attendance AND Payroll SystemNurhodelta17 Attendance AND Payroll System
Timeline
PublishedOct 27

Description

A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Attendance and Payroll System update.php upload unrestricted upload2024-10-27
GHSA
GHSA-g4w7-2r97-835p: A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 12024-10-27
CVE-2024-10420 (MEDIUM CVSS 5.3) | A vulnerability classified as criti | cvebase.io