CVE Details
Basic Information
| Title | itsourcecode Employee Management System editempprofile.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-25T15:00:13.308Z |
| Last Seen | |
Product Information
| Vendor | itsourcecode |
|---|---|
| Product | Employee Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A SQL injection vulnerability exists in the itsourcecode Employee Management System (version 1.0) due to improper input validation in the editempprofile.php file. This allows remote attackers to inject malicious SQL code via the FirstName argument, potentially leading to unauthorized data access and manipulation. |
|---|---|
| AI Severity | Medium |
| Vendor | itsourcecode |
| Product | Employee Management System |
| Affected Version | 1.0 |
Affected Products
- itsourcecode Employee Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
Description
A vulnerability was found in itsourcecode Employee Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/editempprofile.php. The manipulation of the argument FirstName leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.