CVE-2021-45411

2022-01-1216:34:41

mitre

www.cve.org

sourcecodetester

printable staff id card creator system

sql injection

arbitrary file upload

remote code execution

cve-2021-45411

AI Score

9.9

Confidence

High

EPSS

0.038

Percentile

92.0%

JSON

In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.

References

www.exploit-db.com/exploits/49877

www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html