Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into imagem of t…
Published:
11 januari 2026 om 23:00:00
Alert date:
12 januari 2026 om 21:02:40
Source:
nvd.nist.gov
Web Technologies
Sourcecodester Covid-19 Contact Tracing System version 1.0 contains a critical Remote Code Execution (RCE) vulnerability. The vulnerability allows attackers to upload malicious PHP files through the user image upload functionality, enabling them to execute arbitrary code on the server. This can be exploited to establish reverse shells and gain unauthorized access to the system. The flaw appears to be related to insufficient input validation and file upload restrictions in the application's image handling component.
Technical details
Mitigation steps:
Affected products:
Sourcecodester Covid-19 Contact Tracing System
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-66802
https://feedly.com/cve/CVE-2022-2746
https://github.com/mtgsjr/CVE-2025-66802
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.