cve/2021/CVE-2021-44087.md

### [CVE-2021-44087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44087)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.

### POC

#### Reference
- https://www.exploit-db.com/exploits/50801
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip

#### Github
No PoCs found on GitHub currently.