CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.
• https://github.com/BigTiger2020/Employee-Record-Management-System/blob/main/Employee%20Record%20Management%20System%20-%20xss.md
• https://phpgurukul.com/employee-record-management-system-in-php-and-mysql
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.
• https://github.com/BigTiger2020/Employee-Record-Management-System/blob/main/Employee%20Record%20Management%20System.md
• https://phpgurukul.com/employee-record-management-system-in-php-and-mysql
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Directory traversal vulnerability in the /admin/includes/* directory of PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/PHPGURUKUL/ANUJ%20KUMAR/Employee-Record-Management-System
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

SQL injection authentication bypass vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/PHPGURUKUL/ANUJ%20KUMAR/Employee-Record-Management-System-SQL-Injection-Bypass-Authentication
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 2% | CPEs: 1 | EXPL: 2

SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/PHPGURUKUL/ANUJ%20KUMAR/Employee-Record-Management-System-SQL-Injection
• https://www.exploit-db.com/exploits/50467
• https://www.nu11secur1ty.com/2021/12/cve-2021-43451.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')