Employee Management System
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8172 | Med | 0.41 | 6.3 | 0.00 | Jul 25, 2025 | A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack… | ||
| CVE-2025-7126 | Med | 0.41 | 6.3 | 0.00 | Jul 7, 2025 | A vulnerability, which was classified as critical, has been found in itsourcecode Employee Management System up to 1.0. Affected by this issue is some unknown functionality of the file /admin/adminprofile.php. The manipulation of the argument AdminName leads to sql injection.… | ||
| CVE-2025-7125 | Med | 0.41 | 6.3 | 0.00 | Jul 7, 2025 | A vulnerability classified as critical was found in itsourcecode Employee Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editempeducation.php. The manipulation of the argument coursepg leads to sql injection. The attack… | ||
| CVE-2025-6351 | Med | 0.41 | 6.3 | 0.00 | Jun 20, 2025 | A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editprofile.php. The manipulation of the argument emp1name leads to sql injection. The attack may be initiated… | ||
| CVE-2025-7127 | Med | 0.31 | 4.7 | 0.00 | Jul 7, 2025 | A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System up to 1.0. This affects an unknown part of the file /admin/changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to… | ||
| CVE-2025-6610 | Med | 0.31 | 4.7 | 0.00 | Jun 25, 2025 | A vulnerability was found in itsourcecode Employee Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/editempprofile.php. The manipulation of the argument FirstName leads to sql injection. It is possible to initiate… | ||
| CVE-2025-57117 | 0.00 | — | 0.00 | Sep 15, 2025 | A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department. | |||
| CVE-2025-44185 | 0.00 | — | 0.00 | May 15, 2025 | SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter. | |||
| CVE-2025-44186 | 0.00 | — | 0.00 | May 14, 2025 | SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page. | |||
| CVE-2025-44184 | 0.00 | — | 0.00 | May 14, 2025 | SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters. | |||
| CVE-2024-1878 | 0.00 | — | 0.01 | Feb 26, 2024 | A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The… | |||
| CVE-2024-1871 | 0.00 | — | 0.01 | Feb 24, 2024 | A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross… | |||
| CVE-2024-25215 | 0.00 | — | 0.01 | Feb 14, 2024 | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. | |||
| CVE-2024-1010 | 0.00 | — | 0.01 | Jan 29, 2024 | A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site… |
- risk 0.41cvss 6.3epss 0.00
A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack…
- risk 0.41cvss 6.3epss 0.00
A vulnerability, which was classified as critical, has been found in itsourcecode Employee Management System up to 1.0. Affected by this issue is some unknown functionality of the file /admin/adminprofile.php. The manipulation of the argument AdminName leads to sql injection.…
- risk 0.41cvss 6.3epss 0.00
A vulnerability classified as critical was found in itsourcecode Employee Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editempeducation.php. The manipulation of the argument coursepg leads to sql injection. The attack…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editprofile.php. The manipulation of the argument emp1name leads to sql injection. The attack may be initiated…
- risk 0.31cvss 4.7epss 0.00
A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System up to 1.0. This affects an unknown part of the file /admin/changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was found in itsourcecode Employee Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/editempprofile.php. The manipulation of the argument FirstName leads to sql injection. It is possible to initiate…
- CVE-2025-57117Sep 15, 2025risk 0.00cvss —epss 0.00
A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department.
- CVE-2025-44185May 15, 2025risk 0.00cvss —epss 0.00
SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter.
- CVE-2025-44186May 14, 2025risk 0.00cvss —epss 0.00
SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page.
- CVE-2025-44184May 14, 2025risk 0.00cvss —epss 0.00
SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters.
- CVE-2024-1878Feb 26, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The…
- CVE-2024-1871Feb 24, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross…
- CVE-2024-25215Feb 14, 2024risk 0.00cvss —epss 0.01
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.
- CVE-2024-1010Jan 29, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site…