CVE-2022-2723 – SourceCodester Employee Management System eprocess.php sql injection
https://notcve.org/view.php?id=CVE-2022-2723
A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. Manipulation of the argument mailuid/pwd leads to SQL injection. The attack can be launched remotely. • https://bewhale.github.io/post/PHP%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E2%80%94Employee%20Management%20System%20eprocess.php%20SQL%20Injection https://vuldb.com/?id.205836 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-2715 – SourceCodester Employee Management System eloginwel.php sql injection
https://notcve.org/view.php?id=CVE-2022-2715
A vulnerability has been found in SourceCodester Employee Management System and classified as critical. This vulnerability affects unknown code of the file eloginwel.php. Manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/vuls/vuls/blob/main/Employee%20Management%20System/Employee%20Management%20System%20eloginwel.php%20SQL%20Injection.pdf https://vuldb.com/?id.205834 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-30931
https://notcve.org/view.php?id=CVE-2022-30931
Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. • https://medium.com/%40niteshbiwal2011/my-first-cve-2022-30931-e70b9cbecbba https://www.acunetix.com/vulnerabilities/web/possible-csrf-cross-site-request-forgery • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-43712
https://notcve.org/view.php?id=CVE-2021-43712
Stored XSS in the Add New Employee form in Sourcecodester Employee Daily Task Management System 1.0 allows a remote attacker to inject/store arbitrary code via the Name field. • http://employee.com http://sourcecodester.com https://patelvarshil.medium.com/cve-2021-43712-stored-xss-how-i-got-my-first-cve-5381370482d4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •