{"id":7085,"date":"2025-06-20T11:28:10","date_gmt":"2025-06-20T11:28:10","guid":{"rendered":"http:\/\/localhost\/?p=7085"},"modified":"2025-06-20T11:28:10","modified_gmt":"2025-06-20T11:28:10","slug":"itsourcecode-employee-record-management-system-editprofilephp-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7085","title":{"rendered":"itsourcecode Employee Record Management System editprofile.php sql injection"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nitsourcecode Employee Record Management System editprofile.php sql injection<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-20T16:00:11.757Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nitsourcecode<\/td>\n<\/tr>\n
Product<\/th>\nEmployee Record Management System<\/td>\n<\/tr>\n
Version<\/th>\n1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA SQL injection vulnerability in the Employee Record Management System 1.0 allows remote attackers to inject malicious SQL code via the emp1name argument in editprofile.php. This can lead to unauthorized data access and manipulation.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nitsourcecode<\/td>\n<\/tr>\n
Product<\/th>\nEmployee Record Management System<\/td>\n<\/tr>\n
Affected Version<\/th>\n1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n