{"id":7229,"date":"2025-06-25T11:38:49","date_gmt":"2025-06-25T11:38:49","guid":{"rendered":"http:\/\/localhost\/?p=7229"},"modified":"2025-06-25T11:38:49","modified_gmt":"2025-06-25T11:38:49","slug":"itsourcecode-employee-management-system-editempprofilephp-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7229","title":{"rendered":"itsourcecode Employee Management System editempprofile.php sql injection"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nitsourcecode Employee Management System editempprofile.php sql injection<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-25T15:00:13.308Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nitsourcecode<\/td>\n<\/tr>\n
Product<\/th>\nEmployee Management System<\/td>\n<\/tr>\n
Version<\/th>\n1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.1 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:H\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA SQL injection vulnerability exists in the itsourcecode Employee Management System (version 1.0) due to improper input validation in the editempprofile.php file. This allows remote attackers to inject malicious SQL code via the FirstName argument, potentially leading to unauthorized data access and manipulation.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nitsourcecode<\/td>\n<\/tr>\n
Product<\/th>\nEmployee Management System<\/td>\n<\/tr>\n
Affected Version<\/th>\n1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n