CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2570 – SourceCodester Employee Task Management System edit-task.php redirect
https://notcve.org/view.php?id=CVE-2024-2570
18 Mar 2024 — A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit-task.php. The manipulation leads to execution after redirect. It is possible to initiate the attack remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20edit-task.php.md • CWE-698: Execution After Redirect (EAR) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2569 – SourceCodester Employee Task Management System admin-manage-user.php redirect
https://notcve.org/view.php?id=CVE-2024-2569
17 Mar 2024 — A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin-manage-user.php. The manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20admin-manage-user.php.md • CWE-698: Execution After Redirect (EAR) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2556 – SourceCodester Employee Task Management System attendance-info.php sql injection
https://notcve.org/view.php?id=CVE-2024-2556
17 Mar 2024 — A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/tht1997/WhiteBox/blob/main/sourcecodesters/employee-management-system-php-attendance-info.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2555 – SourceCodester Employee Task Management System update-admin.php sql injection
https://notcve.org/view.php?id=CVE-2024-2555
17 Mar 2024 — A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update-admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-update-adminphp • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2554 – SourceCodester Employee Task Management System update-employee.php sql injection
https://notcve.org/view.php?id=CVE-2024-2554
17 Mar 2024 — A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2394 – SourceCodester Employee Management System add-admin.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-2394
12 Mar 2024 — A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. • https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25239
https://notcve.org/view.php?id=CVE-2024-25239
29 Feb 2024 — SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php. La vulnerabilidad de inyección SQL en Sourcecodester Employee Management System v1.0 permite a los atacantes ejecutar comandos SQL arbitrarios a través de una solicitud POST manipulada para /emloyee_akpoly/Account/login.php. • https://blu3ming.github.io/sourcecodester-employee-management-system-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1878 – SourceCodester Employee Management System myprofile.php sql injection
https://notcve.org/view.php?id=CVE-2024-1878
26 Feb 2024 — A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack may be launched remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/IDOR%20Employee%20Profile.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1877 – SourceCodester Employee Management System cancel.php sql injection
https://notcve.org/view.php?id=CVE-2024-1877
26 Feb 2024 — A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cancel.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack can be launched remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Leave%20Cancel%20SQL%20Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1876 – SourceCodester Employee Management System psubmit.php sql injection
https://notcve.org/view.php?id=CVE-2024-1876
26 Feb 2024 — A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid with the input '+or+1%3d1%23 leads to sql injection. It is possible to launch the attack remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Project%20SQL%20Injection%20Update.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •