[CVE ID]

CVE-2023-44824

[NAME OF AFFECTED PRODUCT(S)]

Expense Management System

[AFFECTED AND/OR FIXED VERSION(S)]

Expense Management System v1.0

[PROBLEM TYPE]

Vulnerability Type: Remote Code Execution.

Root Cause: Uploaded files are not filtered, so an attacker can upload a file containing arbitrary malicious code and have it executed on the website.

Impact: The attacker can delete or rewrite this server and the resources on it.

[DESCRIPTION]

Expense Management System 1.0 is vulnerable to remote code execution via arbitrary file upload. An attacker can upload an avatar picture when registering. This upload is not filtered, so the attacker can upload a file containing malicious code and achieve remote code execution.
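
A server-side check of the kind the avatar upload described above lacks, as an added example (not code from Expense Management System or from this advisory). It is written in Python because the advisory does not name the application's stack; the function names, size limit and image allowlist are assumptions.

```python
import os
import secrets

# Allowlist: leading magic bytes -> extension the server assigns (assumed set).
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
MAX_AVATAR_BYTES = 2 * 1024 * 1024  # assumed limit for an avatar


class RejectedUpload(ValueError):
    """Raised when an upload fails the avatar checks."""


def avatar_storage_name(data: bytes) -> str:
    """Return a server-generated name for an accepted avatar, else raise.

    The client-supplied file name and Content-Type are deliberately not
    inputs: both are attacker-controlled.
    """
    if not data or len(data) > MAX_AVATAR_BYTES:
        raise RejectedUpload("empty or oversized upload")
    for magic, ext in IMAGE_MAGIC.items():
        if data.startswith(magic):
            # Random name plus an extension chosen from the content, so the
            # stored file can never carry a script extension.
            return secrets.token_hex(16) + ext
    raise RejectedUpload("content is not an allowlisted image type")


def store_avatar(upload_dir: str, data: bytes) -> str:
    """Write an accepted avatar under upload_dir and return its path.

    upload_dir is assumed to be a directory the web server serves as static
    files only, with script execution disabled.
    """
    path = os.path.join(upload_dir, avatar_storage_name(data))
    # O_EXCL refuses to overwrite; mode 0o640 sets no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


# Constructed sample inputs, not taken from the advisory.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLE_SCRIPT = b"#!/bin/sh\necho constructed sample\n"
```

A magic-byte match does not prove the file is a well-formed image, so decoding and re-encoding the upload with an image library is a stronger check where one is available.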