Employee Management System

CVEs (4)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-17992	Biometric Shift Employee Management System	Cri	0.64	9.8	0.01	Dec 30, 2017	Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
CVE-2017-17876	Biometric Shift Employee Management System	Hig	0.54	7.5	0.24	Dec 27, 2017	Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
CVE-2017-17995	Biometric Shift Employee Management System	Med	0.35	5.4	0.00	Dec 30, 2017	Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
CVE-2017-17994	Biometric Shift Employee Management System	Med	0.35	5.4	0.00	Dec 30, 2017	Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.

CVE-2017-17992CriDec 30, 2017
Biometric Shift
Employee Management System
risk 0.64cvss 9.8epss 0.01
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
CVE-2017-17876HigDec 27, 2017
Biometric Shift
Employee Management System
risk 0.54cvss 7.5epss 0.24
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
CVE-2017-17995MedDec 30, 2017
Biometric Shift
Employee Management System
risk 0.35cvss 5.4epss 0.00
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
CVE-2017-17994MedDec 30, 2017
Biometric Shift
Employee Management System
risk 0.35cvss 5.4epss 0.00
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.