CVE Details
Basic Information
| Title | Campcodes Employee Management System applyleave.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-01T13:32:09.016Z |
| Modified | 2025-07-01T13:53:24.905Z |
Product Information
| Vendor | Campcodes |
|---|---|
| Product | Employee Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A SQL injection vulnerability in Campcodes Employee Management System’s applyleave.php file allows remote attackers to inject malicious SQL code by manipulating the ID argument, potentially leading to unauthorized data access and system compromise. |
|---|---|
| AI Severity | High |
| AI Vendor | Campcodes |
| AI Product | Employee Management System |
| AI Version | 1.0 |
Affected Products
- Campcodes Employee Management System 1.0
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /applyleave.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.