CVE-2024-1009 – SourceCodester Employee Management System login.php SQL injection
https://notcve.org/view.php?id=CVE-2024-1009
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to SQL injection. The attack may be launched remotely.
• https://vuldb.com/?ctiid.252278 https://vuldb.com/?id.252278 https://youtu.be/oL98TSjy89Q?si=_T6YkJZlbn7SJ4Gn
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1008 – SourceCodester Employee Management System Profile Page edit-photo.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-1008
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be launched remotely.
• https://vuldb.com/?ctiid.252277 https://vuldb.com/?id.252277 https://www.youtube.com/watch?v=z4gcLZCOcnc
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-1007 – SourceCodester Employee Management System edit_profile.php SQL injection
https://notcve.org/view.php?id=CVE-2024-1007
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_profile.php. The manipulation of the argument txtfullname leads to SQL injection. It is possible to launch the attack remotely.
• https://vuldb.com/?ctiid.252276 https://vuldb.com/?id.252276 https://www.youtube.com/watch?v=1yesMwvWcL4
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-0905 – SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication
https://notcve.org/view.php?id=CVE-2023-0905
A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• https://www.exploit-db.com/exploits/51285 https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Employee%20Task%20Management%20System%20-%20Broken%20Authentication.md https://vuldb.com/?ctiid.221454 https://vuldb.com/?id.221454
• CWE-287: Improper Authentication
CVE-2023-0904 – SourceCodester Employee Task Management System task-details.php SQL injection
https://notcve.org/view.php?id=CVE-2023-0904
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to SQL injection. The attack may be initiated remotely.
• https://www.exploit-db.com/exploits/51286 https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Employee%20Task%20Management%20System%20-%20SQL%20Injection%20-%202.md https://vuldb.com/?ctiid.221453 https://vuldb.com/?id.221453
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')