CVE-2024-48594
The target Prison Management System instance appears to suffer from CVE-2024-48594
/Practice/vmdak/3-Exploitation/attachments/{CDD8F98F-C7CD-433F-AD84-F38D6190F6F5}.png)
A vulnerability, which was classified as critical, was found in SourceCodester Prison Management System 1.0. Affected is an unknown function. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-48594. It is possible to launch the attack remotely.
Exploit
/Practice/vmdak/3-Exploitation/attachments/{0582AECF-9750-44A7-9191-479FE8220380}.png)
/Practice/vmdak/3-Exploitation/attachments/{E17D7AED-2D55-4C67-BCD4-9FBDDF874F07}-1.png)
There is an article describing the vulnerability as well as PoC