Leave Management System
by Itsourcecode
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11432 | | High | 0.47 | 7.3 | 0.00 | | Oct 8, 2025 | A vulnerability was identified in itsourcecode Leave Management System 1.0. This affects an unknown function of the file /reset.php. Such manipulation of the argument employid leads to sql injection. The attack may be performed from remote. The exploit is publicly available and… |
| CVE-2025-11433 | | Low | 0.23 | 3.5 | 0.00 | | Oct 8, 2025 | A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross… |
| CVE-2025-3245 | | | 0.00 | — | 0.00 | | Apr 4, 2025 | A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the file library_management/src/Library_Management/Forgot.java. The manipulation of the argument txtuname leads to sql… |
| CVE-2024-48415 | | | 0.00 | — | 0.00 | | Oct 22, 2024 | itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page. |
| CVE-2024-6192 | | | 0.00 | — | 0.01 | | Jun 20, 2024 | A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulation of the argument username leads to sql injection. The attack can be initiated… |
| CVE-2024-5588 | | | 0.00 | — | 0.01 | | Jun 2, 2024 | A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can… |
| CVE-2023-48205 | | | 0.00 | — | 0.01 | | Dec 7, 2023 | Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. |
| CVE-2023-45540 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page. |
| CVE-2022-47866 | | | 0.00 | — | 0.01 | | Jan 11, 2023 | Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. |
| CVE-2022-47861 | | | 0.00 | — | 0.01 | | Jan 11, 2023 | Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php. |
| CVE-2022-47864 | | | 0.00 | — | 0.01 | | Jan 11, 2023 | Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php. |
| CVE-2022-47862 | | | 0.00 | — | 0.01 | | Jan 11, 2023 | Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php. |
| CVE-2022-47860 | | | 0.00 | — | 0.01 | | Jan 11, 2023 | Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. |
| CVE-2022-4855 | | | 0.00 | — | 0.26 | | Dec 30, 2022 | A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The… |