3 results (0.001 seconds)

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sh3rl0ckpggp/0day/blob/main/Employee_management%20_system_RCE.md https://vuldb.com/?ctiid.284530 https://vuldb.com/?id.284530 https://vuldb.com/?submit.443304 https://www.sourcecodester.com • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sh3rl0ckpggp/0day/blob/main/authenticated_sqli_Employee_management_system.md https://vuldb.com/?ctiid.284529 https://vuldb.com/?id.284529 https://vuldb.com/?submit.443298 https://www.sourcecodester.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_product_details.php. The manipulation of the argument barcode leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/physicszq/web_issue/blob/main/Management/sql_injection01.md https://vuldb.com/?ctiid.284528 https://vuldb.com/?id.284528 https://vuldb.com/?submit.442035 https://www.sourcecodester.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •