Filtered by vendor Employee Records System Project
Subscriptions
Filtered by product Employee Records System
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4462 | 2 Employee Records System Project, Skittles | 2 Employee Records System, Employee Records System | 2025-11-24 | 9.8 Critical |
| Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC. | ||||
| CVE-2019-20183 | 1 Employee Records System Project | 1 Employee Records System | 2024-11-21 | 7.2 High |
| uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension. | ||||
Page 1 of 1.