VYPR

Employee Management System

by Clivedelacruz

CVEs (14)

  • CVE-2025-8172MedJul 25, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack…

  • CVE-2025-7126MedJul 7, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability, which was classified as critical, has been found in itsourcecode Employee Management System up to 1.0. Affected by this issue is some unknown functionality of the file /admin/adminprofile.php. The manipulation of the argument AdminName leads to sql injection.…

  • CVE-2025-7125MedJul 7, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability classified as critical was found in itsourcecode Employee Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editempeducation.php. The manipulation of the argument coursepg leads to sql injection. The attack…

  • CVE-2025-6351MedJun 20, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editprofile.php. The manipulation of the argument emp1name leads to sql injection. The attack may be initiated…

  • CVE-2025-7127MedJul 7, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System up to 1.0. This affects an unknown part of the file /admin/changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to…

  • CVE-2025-6610MedJun 25, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was found in itsourcecode Employee Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/editempprofile.php. The manipulation of the argument FirstName leads to sql injection. It is possible to initiate…

  • CVE-2025-57117Sep 15, 2025
    risk 0.00cvss epss 0.00

    A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department.

  • CVE-2025-44185May 15, 2025
    risk 0.00cvss epss 0.00

    SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter.

  • CVE-2025-44186May 14, 2025
    risk 0.00cvss epss 0.00

    SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page.

  • CVE-2025-44184May 14, 2025
    risk 0.00cvss epss 0.00

    SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters.

  • CVE-2024-1878Feb 26, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The…

  • CVE-2024-1871Feb 24, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross…

  • CVE-2024-25215Feb 14, 2024
    risk 0.00cvss epss 0.01

    Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.

  • CVE-2024-1010Jan 29, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site…