Author: arafatansari
Classification
CWE-ID: CWE-89
CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS-Score: 10
Employee Management System 1.0 contains a SQL injection vulnerability via the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
Reference
- https://www.exploit-db.com/exploits/48882
- https://www.sourcecodester.com/sites/default/files/download/razormist/employee-management-system.zip
Metadata
max-request: 1
verified: true