{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-37748", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-21T18:25:24.762Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-21T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-21T15:38:29.221Z"}, "descriptions": [{"lang": "en", "value": "Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php. The move_uploaded_file() function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell and achieve Remote Code Execution on the server."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/sanjay1313/Visitor-Management-System"}, {"url": "https://github.com/menevarad007/CVE-2026-37748"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "references": [{"url": "https://github.com/menevarad007/CVE-2026-37748", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T18:25:21.374014Z", "id": "CVE-2026-37748", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T18:25:24.762Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-37748", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-21T18:25:21.374014Z"}}}], "references": [{"url": "https://github.com/menevarad007/CVE-2026-37748", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T18:24:59.959Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/sanjay1313/Visitor-Management-System"}, {"url": "https://github.com/menevarad007/CVE-2026-37748"}], "descriptions": [{"lang": "en", "value": "Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php. The move_uploaded_file() function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell and achieve Remote Code Execution on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-21T15:38:29.221Z"}}}, "cveMetadata": {"cveId": "CVE-2026-37748", "state": "PUBLISHED", "dateUpdated": "2026-04-21T18:25:24.762Z", "dateReserved": "2026-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-21T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sanjay1313:visitor_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "60E6B83E-AA62-4E02-9E37-D34FAC7E7731", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php. The move_uploaded_file() function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell and achieve Remote Code Execution on the server."}], "id": "CVE-2026-37748", "lastModified": "2026-04-22T16:02:05.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-21T16:16:20.113", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/menevarad007/CVE-2026-37748"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/sanjay1313/Visitor-Management-System"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/menevarad007/CVE-2026-37748"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,1.0]"}}], "enrichment": {"confidence": 85.0, "confidence_source": "inferred", "scores": [{"score": 85.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "visitor_management_system", "vendor": "sanjay1313"}], "analysis": {"en": {"generated_at": "2026-04-22T06:59:17.784967+00:00", "value": {"mitigation_remediation": ["Add server\u2011side checks for MIME type, file extension, and content before calling move_uploaded_file, and explicitly reject executable script uploads.", "Configure the web server to deny execution of any files placed in the upload directory (e.g., by using .htaccess directives or server configuration settings).", "Ensure that the upload directory is writable only by the web process and that no unnecessary administrative accounts exist on the system."], "summary": {"action": "Apply Workaround", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All deployments of Visitor Management System 1.0 that include the vulnerable upload scripts are impacted. No vendor\u2011supplied patch has been released yet; therefore every instance of v1.0 cannot be updated until an official fix becomes available.", "description_and_impact": "The Visitor Management System 1.0 by sanjay1313 contains an unrestricted file upload flaw within vms/php/admin_user_insert.php and vms/php/update_1.php. The move_uploaded_file() call strictly performs no MIME type, file\u2011extension, or content validation, enabling an authenticated administrator to upload a PHP webshell and thus gain remote code execution on the host server. This flaw is a classic example of CWE-434, where lack of file\u2011type validation allows execution of malicious code.", "risk_and_exploitability": "The vulnerability is exploitable only by users with administrative privileges, which default installations may provide. Because no EPSS score is published and the flaw is not listed in CISA KEV, quantitative exploitation risk is unmeasured, but the medium\u2011to\u2011high score of 7.2 emphasizes a high potential impact. Attackers could obtain full server control once a webshell is uploaded; the lack of validation and potential for complete remote code execution make the risk significant even if the attacker must first acquire admin credentials."}}}}, "created": "2026-04-21T23:15:03.126907+00:00", "updated": "2026-04-22T11:47:04.107566+00:00", "vendors": ["sanjay1313", "sanjay1313$PRODUCT$visitor_management_system"]}