A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argument per_file results in unrestricted upload. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
GHSA-wmr8-wvmc-3q52: A security flaw has been discovered in code-projects Employee Profile Management System 1.0....
A security flaw in code-projects Employee Profile Management System 1.0 allows unrestricted file uploads via the /profiling/add_file_query.php file, exploitable remotely.