Vulnerability Details CVE-2019-20183
uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.659
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2019-20183
-
cpe:2.3:a:employee_records_system_project:employee_records_system:1.0