Attendance and Payroll System
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-44087 | 0.02 | — | 0.05 | Mar 17, 2022 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. | |||
| CVE-2024-10422 | 0.00 | — | 0.00 | Oct 27, 2024 | A vulnerability, which was classified as critical, has been found in SourceCodester Attendance and Payroll System 1.0. This issue affects some unknown processing of the file /admin/overtime_add.php. The manipulation of the argument id leads to sql injection. The attack may be… | |||
| CVE-2024-10421 | 0.00 | — | 0.00 | Oct 27, 2024 | A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtime_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely.… | |||
| CVE-2024-10420 | 0.00 | — | 0.00 | Oct 27, 2024 | A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the… | |||
| CVE-2022-28006 | 0.00 | — | 0.01 | Apr 21, 2022 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_delete.php. | |||
| CVE-2022-28012 | 0.00 | — | 0.01 | Apr 21, 2022 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\position_delete.php. | |||
| CVE-2022-28014 | 0.00 | — | 0.01 | Apr 21, 2022 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendance_edit.php. | |||
| CVE-2022-28019 | 0.00 | — | 0.01 | Apr 21, 2022 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_edit.php. | |||
| CVE-2022-28020 | 0.00 | — | 0.01 | Apr 21, 2022 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\position_edit.php. | |||
| CVE-2021-44088 | 0.00 | — | 0.03 | Mar 17, 2022 | An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. |
- CVE-2021-44087Mar 17, 2022risk 0.02cvss —epss 0.05
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.
- CVE-2024-10422Oct 27, 2024risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, has been found in SourceCodester Attendance and Payroll System 1.0. This issue affects some unknown processing of the file /admin/overtime_add.php. The manipulation of the argument id leads to sql injection. The attack may be…
- CVE-2024-10421Oct 27, 2024risk 0.00cvss —epss 0.00
A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtime_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely.…
- CVE-2024-10420Oct 27, 2024risk 0.00cvss —epss 0.00
A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the…
- CVE-2022-28006Apr 21, 2022risk 0.00cvss —epss 0.01
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_delete.php.
- CVE-2022-28012Apr 21, 2022risk 0.00cvss —epss 0.01
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\position_delete.php.
- CVE-2022-28014Apr 21, 2022risk 0.00cvss —epss 0.01
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendance_edit.php.
- CVE-2022-28019Apr 21, 2022risk 0.00cvss —epss 0.01
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_edit.php.
- CVE-2022-28020Apr 21, 2022risk 0.00cvss —epss 0.01
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\position_edit.php.
- CVE-2021-44088Mar 17, 2022risk 0.00cvss —epss 0.03
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters.