SourceCodester Employee Management System eloginwel.php sql injection
Description
A vulnerability has been found in SourceCodester Employee Management System and classified as critical. This vulnerability affects unknown code of the file eloginwel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205834 is the identifier assigned to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in SourceCodester Employee Management System's eloginwel.php allows remote attackers to execute arbitrary SQL commands via the id parameter.
Vulnerability
A critical SQL injection vulnerability exists in SourceCodester Employee Management System (unknown version) in the file eloginwel.php. The id parameter is not properly sanitized before being used in SQL queries, allowing an attacker to inject arbitrary SQL commands. The vulnerability is classified as critical and has been publicly disclosed [1].
Exploitation
An attacker can exploit this vulnerability remotely by sending a crafted HTTP request to eloginwel.php with a malicious id parameter. No authentication is required. The exploit has been published, providing a proof-of-concept that demonstrates the injection [1].
Impact
Successful exploitation allows an attacker to read, modify, or delete arbitrary data in the database. Depending on database permissions, this could lead to data exfiltration, privilege escalation, or even remote code execution. The confidentiality, integrity, and availability of the application are at risk.
Mitigation
No official patch has been released by SourceCodester as of the publication date. Users should implement input validation and use parameterized queries to prevent SQL injection. Until a fix is available, it is recommended to restrict access to the vulnerable endpoint or disable the affected functionality.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/vuls/vuls/blob/main/Employee%20Management%20System/Employee%20Management%20System%20eloginwel.php%20SQL%20Injection.pdfmitrex_refsource_MISC
- vuldb.commitrex_refsource_MISC
News mentions
0No linked articles in our index yet.