
Exploit for Simple Employee Records System 1.0 - Unrestricted File Upload (CVE-2019-20183)

Description:

Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability because file extensions are validated on the client side only. An attacker can use this to upload executable code to the server and obtain access or perform remote command execution.

Nuclei Template

View the template here: CVE-2019-20183.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-20183.yaml

References:

https://www.exploit-db.com/exploits/49596
https://medium.com/@Pablo0xSantiago/cve-2019-20183-employee-records-system-bypass-file-upload-to-rce-ea2653660b34
https://nvd.nist.gov/vuln/detail/CVE-2019-20183
https://github.com/ARPSyndicate/kenzer-templates