Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-28595 — SQL Injection in Employee Management System

CWE-89 — SQL Injection4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

1.3%

top 20.04%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Walterjnr1 Employee Management System

Timeline

PublishedMar 19

Latest updateMar 20

Description

SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDwalterjnr1/employee_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-qcc3-2x2p-6v35: SQL Injection vulnerability in Employee Management System v1↗2024-03-20

▶

CVEList

CVE-2024-28595: SQL Injection vulnerability in Employee Management System v1↗2024-03-19

▶

💥Exploits & PoCs

Exploit-DB

Employee Management System 1.0 - 'admin_id' SQLi↗2024-03-20

▶