CVE Details
Basic Information
| Title | itsourcecode Employee Record Management System editprofile.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-20T16:00:11.757Z |
| Last Seen |
Product Information
| Vendor | itsourcecode |
|---|---|
| Product | Employee Record Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability in the Employee Record Management System 1.0 allows remote attackers to inject malicious SQL code via the emp1name argument in editprofile.php. This can lead to unauthorized data access and manipulation. |
|---|---|
| AI Severity | Medium |
| Vendor | itsourcecode |
| Product | Employee Record Management System |
| Affected Version | 1.0 |
Affected Products
- itsourcecode Employee Record Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editprofile.php. The manipulation of the argument emp1name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.