- Description
- A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
- Products
- employee_task_management_system
CVSS 4.0
- Type
- Secondary
- Base score
- 5.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Secondary
- Base score
- 5.8
- Impact score
- 6.4
- Exploitability score
- 6.4
- Vector string
- AV:N/AC:L/Au:M/C:P/I:P/A:P
- cna@vuldb.com
- CWE-74
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oretnom23:employee_task_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8451593-5BFE-47AE-90ED-3F288A20D516",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]