CVSS: 5.8EPSS: %CPEs: 1EXPL: 1CVE-2024-11214 – SourceCodester Best Employee Management System profile.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-11214
A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sh3rl0ckpggp/0day/blob/main/Employee_management%20_system_RCE.md https://vuldb.com/?ctiid.284530 https://vuldb.com/?id.284530 https://vuldb.com/?submit.443304 https://www.sourcecodester.com • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.8EPSS: %CPEs: 1EXPL: 1CVE-2024-11213 – SourceCodester Best Employee Management System edit_role.php sql injection
https://notcve.org/view.php?id=CVE-2024-11213
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sh3rl0ckpggp/0day/blob/main/authenticated_sqli_Employee_management_system.md https://vuldb.com/?ctiid.284529 https://vuldb.com/?id.284529 https://vuldb.com/?submit.443298 https://www.sourcecodester.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: %CPEs: 1EXPL: 1CVE-2024-11212 – SourceCodester Best Employee Management System fetch_product_details.php sql injection
https://notcve.org/view.php?id=CVE-2024-11212
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_product_details.php. The manipulation of the argument barcode leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/physicszq/web_issue/blob/main/Management/sql_injection01.md https://vuldb.com/?ctiid.284528 https://vuldb.com/?id.284528 https://vuldb.com/?submit.442035 https://www.sourcecodester.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •