Share
## https://sploitus.com/exploit?id=697F6EEC-214A-512D-A675-DCF69613806B
# CVE-2021-4462 Test Environment
Docker-based test environment for **CVE-2021-4462** (Employee Records System 1.0 - Unrestricted File Upload) using the **real application source code**.
## Quick Start
### Prerequisites
- Docker and Docker Compose
- Nuclei scanner
- Source code from SourceCodester (see below)
### Step 1: Download Source Code
1. Visit: https://www.sourcecodester.com/php/11393/employee-records-system.html
2. Download and extract the ZIP file
3. Copy contents to: `real-application/employee_records_system/`
> **Note**: Source code is NOT included (excluded via `.gitignore`). You must download it separately.
### Step 2: Setup
```bash
cd test-environments/CVE-2021-4462
chmod +x setup-real-app.sh
./setup-real-app.sh
```
### Step 3: Start Environment
```bash
docker compose -f docker-compose.real.yml up -d --build
```
Wait 30-60 seconds for MySQL to initialize.
### Step 4: Access & Test
- **URL**: http://localhost:8080
- **Login**: `admins` / `admin1234`
**Test with Nuclei**:
```bash
nuclei -t http/cves/2021/CVE-2021-4462.yaml -target http://localhost:8080 -debug
```
## Configuration
- **Database**: `sharp_db` (MySQL)
- **Vulnerable File**: `/dashboard/uploadID.php`
- **Form Field**: `employee_ID`
- **Upload Path**: `/uploads/employees_ids/`
## Troubleshooting
### Invalid Password
```bash
docker exec cve-2021-4462-mysql mysql -uroot -prootpassword sharp_db \
-e "UPDATE users SET password = MD5('admin1234') WHERE username = 'admins';"
```
### Check Logs
```bash
docker logs cve-2021-4462-mysql # Database logs
docker logs cve-2021-4462-real # Application logs
```
### Stop Environment
```bash
docker compose -f docker-compose.real.yml down
```
## Files Structure
```
CVE-2021-4462/
โโโ README.md # This file
โโโ setup-real-app.sh # Setup script
โโโ Dockerfile.real # Docker configuration
โโโ docker-compose.real.yml # Docker Compose with MySQL
โโโ init-db.sh # Database initialization
โโโ real-application/ # Source code (download required)
โโโ uploads/ # Upload directory
```
## References
- [CVE-2021-4462](https://nvd.nist.gov/vuln/detail/CVE-2021-4462)
- [Exploit-DB 49596](https://www.exploit-db.com/exploits/49596)
- [SourceCodester](https://www.sourcecodester.com/php/11393/employee-records-system.html)
---
**Status**: โ
Tested and Verified