CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28018
https://notcve.org/view.php?id=CVE-2022-28018
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\schedule_edit.php. Se ha detectado que Attendance and Payroll System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del componente \admin\schedule_edit.php • https://github.com/k0xx11/bug_report/blob/main/bug_m/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28019
https://notcve.org/view.php?id=CVE-2022-28019
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_edit.php. Se ha detectado que Attendance and Payroll System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del componente \admin\employee_edit.php • https://github.com/k0xx11/bug_report/blob/main/bug_n/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28020
https://notcve.org/view.php?id=CVE-2022-28020
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\position_edit.php. Se ha detectado que Attendance and Payroll System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del componente \admin\position_edit.php • https://github.com/k0xx11/bug_report/blob/main/bug_o/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2021-44087
https://notcve.org/view.php?id=CVE-2021-44087
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. Se presenta una vulnerabilidad de Ejecución de Código Remota (RCE) en Sourcecodester Attendance and Payroll System versión v1.0, que permite a un atacante remoto no autenticado cargar un PHP maliciosamente diseñado por medio de una carga de fotos • http://sourcecodester.com https://www.exploit-db.com/exploits/50801 https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44088
https://notcve.org/view.php?id=CVE-2021-44088
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. Se presenta una vulnerabilidad de inyección SQL en Sourcecodester Attendance and Payroll System versión v1.0, que permite a un atacante remoto omitir la autenticación por medio de parámetros de inicio de sesión no saneados • http://sourcecodester.com https://www.exploit-db.com/exploits/50802 https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •