CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48813
https://notcve.org/view.php?id=CVE-2024-48813
11 Oct 2024 — SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component. • https://gitee.com/lssrain/taskmatic/issues/IAUXOL • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-28595 – Employee Management System 1.0 - 'admin_id' SQLi
https://notcve.org/view.php?id=CVE-2024-28595
19 Mar 2024 — SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php. Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024. • https://packetstorm.news/files/id/177681 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1199 – CodeAstro Employee Task Management System attendance-info.php denial of service
https://notcve.org/view.php?id=CVE-2024-1199
03 Feb 2024 — A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://docs.qq.com/doc/DYnhIWEdkZXViTXdD • CWE-404: Improper Resource Shutdown or Release •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1011 – SourceCodester Employee Management System Leave delete-leave.php access control
https://notcve.org/view.php?id=CVE-2024-1011
29 Jan 2024 — A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jomskiller/Employee-Managemet-System---Broken-Access-Control • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1010 – SourceCodester Employee Management System edit-profile.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-1010
29 Jan 2024 — A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279. • https://github.com/jomskiller/Employee-Management-System---Stored-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1009 – SourceCodester Employee Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2024-1009
29 Jan 2024 — A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. • https://vuldb.com/?ctiid.252278 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2023-0905 – SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication
https://notcve.org/view.php?id=CVE-2023-0905
18 Feb 2023 — A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://www.exploit-db.com/exploits/51285 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2023-0904 – SourceCodester Employee Task Management System task-details.php sql injection
https://notcve.org/view.php?id=CVE-2023-0904
18 Feb 2023 — A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack may be initiated remotely. • https://packetstorm.news/files/id/171115 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0903 – SourceCodester Employee Task Management System edit-task.php sql injection
https://notcve.org/view.php?id=CVE-2023-0903
18 Feb 2023 — A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. • https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Employee%20Task%20Management%20System%20-%20SQL%20Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0641 – PHPGurukul Employee Leaves Management System changepassword.php weak password
https://notcve.org/view.php?id=CVE-2023-0641
02 Feb 2023 — A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. • https://github.com/ctflearner/Vulnerability/blob/main/Employee%20Leaves%20Management%20System/ELMS.md • CWE-521: Weak Password Requirements •