


Perceptive Security
SOC/SIEM Consultancy

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php. The move_upload…
Published: 20 April 2026 at 22:00:00
Alert date: 21 April 2026 at 23:02:09
Source: nvd.nist.gov
Web Technologies
Visitor Management System 1.0 by sanjay1313 contains an unrestricted file upload vulnerability in two PHP files, admin_user_insert.php and update_1.php. Both pass the uploaded file to move_uploaded_file() without validating its MIME type, extension, or content. An authenticated administrator can exploit this weakness to upload a PHP webshell, and successful exploitation leads to remote code execution on the affected server.
Mitigation steps:
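One way to add the missing MIME type, extension and content checks before move_uploaded_file() is called, as an added example rather than code from the Visitor Management System project or the advisory. It assumes the upload is meant to be a JPEG or PNG image; the function name, constants and size limit are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: the upload is expected to be a JPEG or PNG image.
// Extension => MIME type the file content must sniff as.
const ALLOWED_UPLOADS = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // constructed limit, not from the advisory

/**
 * Validate one entry of $_FILES and store it under a server-generated name.
 * Returns the stored path; throws RuntimeException on any failed check.
 */
function store_validated_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('file size out of range');
    }

    // 1. Extension: allow-list on the client-supplied name, never a deny-list.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_UPLOADS[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. MIME type: sniff the content; $file['type'] is client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_UPLOADS[$ext]) {
        throw new RuntimeException('content type does not match extension');
    }

    // 3. Content: the file must actually parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Server-chosen name; the client-supplied name never reaches the disk.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    return $target;
}
```

An image that passes these checks can still carry embedded PHP, so the destination directory should sit outside the web root or have script execution disabled.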
Affected products:
Visitor Management System
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-37748
https://github.com/menevarad007/CVE-2026-37748
https://github.com/sanjay1313/Visitor-Management-System
This article was created with the assistance of AI technology by Perceptive.
