Employee Management System 1.0 - SQL Injection

By kannthu

Critical
Vidoc Module
#ems #sqli #cms #auth-bypass #edb
Description
Author: arafatansari

Classification
CWE-ID: CWE-89
CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS-Score: 10

Employee Management System 1.0 contains a SQL injection vulnerability via the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.

Reference
- https://www.exploit-db.com/exploits/48882
- https://www.sourcecodester.com/sites/default/files/download/razormist/employee-management-system.zip

Metadata
max-request: 1
verified: true

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: Admin Panel, Log Out, Employee Managemen...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability