CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1010 – SourceCodester Employee Management System edit-profile.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-1010
29 Jan 2024 — A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279. • https://github.com/jomskiller/Employee-Management-System---Stored-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1009 – SourceCodester Employee Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2024-1009
29 Jan 2024 — A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. • https://vuldb.com/?ctiid.252278 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1008 – SourceCodester Employee Management System Profile Page edit-photo.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-1008
29 Jan 2024 — A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be launched remotely. • https://vuldb.com/?ctiid.252277 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1007 – SourceCodester Employee Management System edit_profile.php sql injection
https://notcve.org/view.php?id=CVE-2024-1007
29 Jan 2024 — A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_profile.php. The manipulation of the argument txtfullname leads to sql injection. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.252276 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2023-0905 – SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication
https://notcve.org/view.php?id=CVE-2023-0905
18 Feb 2023 — A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://www.exploit-db.com/exploits/51285 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2023-0904 – SourceCodester Employee Task Management System task-details.php sql injection
https://notcve.org/view.php?id=CVE-2023-0904
18 Feb 2023 — A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack may be initiated remotely. • https://packetstorm.news/files/id/171115 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0903 – SourceCodester Employee Task Management System edit-task.php sql injection
https://notcve.org/view.php?id=CVE-2023-0903
18 Feb 2023 — A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. • https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Employee%20Task%20Management%20System%20-%20SQL%20Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0641 – PHPGurukul Employee Leaves Management System changepassword.php weak password
https://notcve.org/view.php?id=CVE-2023-0641
02 Feb 2023 — A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. • https://github.com/ctflearner/Vulnerability/blob/main/Employee%20Leaves%20Management%20System/ELMS.md • CWE-521: Weak Password Requirements •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3121 – SourceCodester Online Employee Leave Management System addemployee.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2022-3121
05 Sep 2022 — A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. • https://vuldb.com/?id.207853 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43712
https://notcve.org/view.php?id=CVE-2021-43712
09 May 2022 — Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. Una vulnerabilidad de tipo XSS almacenado en el Formulario de Adición de Nuevos Empleados en Sourcecodester Employee Daily Task Management System versión 1.0, permite a un atacante remoto inyectar/almacenar código arbitrario por medio del campo del nombre • http://employee.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •