CVE-2024-5976

CWE-89 — SQL Injection3 documents3 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 77.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Employee AND Visitor Gate Pass Logging System Oretnom23 Employee AND Visitor Gate Pass Logging System

Timeline

PublishedJun 13

Description

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268422 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/employee_and_visitor_gate_pass_logging_system1.0

▶NVDoretnom23/employee_and_visitor_gate_pass_logging_system1.0

🔴Vulnerability Details

GHSA

GHSA-ff8c-r6cp-6m85: A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1↗2024-06-13

▶

CVEList

SourceCodester Employee and Visitor Gate Pass Logging System log_employee sql injection↗2024-06-13

▶