CVE-2024-2556 – SourceCodester Employee Task Management System attendance-info.php sql injection
https://notcve.org/view.php?id=CVE-2024-2556
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/tht1997/WhiteBox/blob/main/sourcecodesters/employee-management-system-php-attendance-info.md https://vuldb.com/?ctiid.257055 https://vuldb.com/?id.257055 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-2555 – SourceCodester Employee Task Management System update-admin.php sql injection
https://notcve.org/view.php?id=CVE-2024-2555
A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update-admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-update-adminphp https://vuldb.com/?ctiid.257054 https://vuldb.com/?id.257054 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-2554 – SourceCodester Employee Task Management System update-employee.php sql injection
https://notcve.org/view.php?id=CVE-2024-2554
A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp https://vuldb.com/?ctiid.257053 https://vuldb.com/?id.257053 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-2394 – SourceCodester Employee Management System add-admin.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-2394
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. • https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md https://vuldb.com/?ctiid.256454 https://vuldb.com/?id.256454 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-1878 – SourceCodester Employee Management System myprofile.php sql injection
https://notcve.org/view.php?id=CVE-2024-1878
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack may be launched remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/IDOR%20Employee%20Profile.md https://vuldb.com/?ctiid.254726 https://vuldb.com/?id.254726 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •