17 results (0.028 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-employee.php.md https://vuldb.com/?ctiid.257080 https://vuldb.com/?id.257080 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the argument admin_id leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-admin.php.md https://vuldb.com/?ctiid.257079 https://vuldb.com/?id.257079 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Affected by this issue is some unknown functionality of the file /task-details.php. The manipulation of the argument task_id leads to authorization bypass. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20task-details.php.md https://vuldb.com/?ctiid.257078 https://vuldb.com/?id.257078 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as critical was found in SourceCodester Employee Task Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-task.php. The manipulation of the argument task_id leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20edit-task.php.md https://vuldb.com/?ctiid.257077 https://vuldb.com/?id.257077 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file /task-info.php. The manipulation leads to execution after redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/codeb0ss/CVE-2024-25735-PoC https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20task-info.php.md https://vuldb.com/?ctiid.257076 https://vuldb.com/?id.257076 • CWE-698: Execution After Redirect (EAR) •