Page 3 of 14 results (0.012 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possible to launch the attack remotely. • https://bewhale.github.io/post/PHP%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E2%80%94Employee%20Management%20System%20eprocess.php%20SQL%20Injection https://vuldb.com/?id.205836 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in SourceCodester Employee Management System and classified as critical. This vulnerability affects unknown code of the file eloginwel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/vuls/vuls/blob/main/Employee%20Management%20System/Employee%20Management%20System%20eloginwel.php%20SQL%20Injection.pdf https://vuldb.com/?id.205834 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. Employee Leaves Management System (ELMS) Versión 2.1, es vulnerable a Cross Site Request Forgery (CSRF) por medio del archivo /myprofile.php • https://medium.com/%40niteshbiwal2011/my-first-cve-2022-30931-e70b9cbecbba https://www.acunetix.com/vulnerabilities/web/possible-csrf-cross-site-request-forgery • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. Una vulnerabilidad de tipo XSS almacenado en el Formulario de Adición de Nuevos Empleados en Sourcecodester Employee Daily Task Management System versión 1.0, permite a un atacante remoto inyectar/almacenar código arbitrario por medio del campo del nombre • http://employee.com http://sourcecodester.com https://patelvarshil.medium.com/cve-2021-43712-stored-xss-how-i-got-my-first-cve-5381370482d4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •