CVE-2024-25325 — SQL Injection in Employee Management System

CWE-89 — SQL Injection3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 80.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Walterjnr1 Employee Management System

Timeline

PublishedMar 12

Description

SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the login.php.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

▶NVDwalterjnr1/employee_management_system1.0

🔴Vulnerability Details

CVEList

CVE-2024-25325: SQL injection vulnerability in Employee Management System v↗2024-03-12

▶

GHSA

GHSA-prhv-qr49-g94v: SQL injection vulnerability in Employee Management System v↗2024-03-12

▶