CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2554 – SourceCodester Employee Task Management System update-employee.php sql injection
https://notcve.org/view.php?id=CVE-2024-2554
A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp https://vuldb.com/?ctiid.257053 https://vuldb.com/?id.257053 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2394 – SourceCodester Employee Management System add-admin.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-2394
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. • https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md https://vuldb.com/?ctiid.256454 https://vuldb.com/?id.256454 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1878 – SourceCodester Employee Management System myprofile.php sql injection
https://notcve.org/view.php?id=CVE-2024-1878
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack may be launched remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/IDOR%20Employee%20Profile.md https://vuldb.com/?ctiid.254726 https://vuldb.com/?id.254726 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1877 – SourceCodester Employee Management System cancel.php sql injection
https://notcve.org/view.php?id=CVE-2024-1877
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cancel.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack can be launched remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Leave%20Cancel%20SQL%20Injection.md https://vuldb.com/?ctiid.254725 https://vuldb.com/?id.254725 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1876 – SourceCodester Employee Management System psubmit.php sql injection
https://notcve.org/view.php?id=CVE-2024-1876
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid with the input '+or+1%3d1%23 leads to sql injection. It is possible to launch the attack remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Project%20SQL%20Injection%20Update.md https://vuldb.com/?ctiid.254724 https://vuldb.com/?id.254724 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •