In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Arbitrary File Upload vulnerabilities in an interactive lesson.
Start learningThere is no fixed version for notrinos/notrinos-erp.
notrinos/notrinos-erp is a web-based enterprise management system that is written in PHP and MySql. NotrinosERP contains all the required modules for running any small to medium size businesses. It supports multi users, multi currencies, multi languages.
Affected versions of this package are vulnerable to Arbitrary File Upload via the tab_documents process. An attacker can execute arbitrary code on the server by uploading a crafted file with a dangerous extension, such as .php, which is then stored in a web-accessible directory without validation. This allows the attacker to access the uploaded file directly and trigger code execution. This is only exploitable if the attacker has an authenticated session with the required permissions and a valid CSRF token.