CVE-2025-6826

CWE-74CWE-89SQL InjectionCWE-787Out-of-bounds Write4 documents4 sources
Severity
6.9MEDIUM
EPSS
0.1%
top 79.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Code-projects Payroll Management SystemCampcodes Payroll Management System
Timeline
PublishedJun 28

Description

A vulnerability, which was classified as critical, has been found in code-projects Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /Payroll_Management_System/ajax.php?action=save_department. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-j88r-fq49-rgqf: A vulnerability, which was classified as critical, has been found in code-projects Payroll Management System 12025-06-28
CVEList
code-projects Payroll Management System ajax.php sql injection2025-06-28

📋Vendor Advisories

1
Microsoft
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection tools/tiffcrop.c:6826 allowing attackers to cause a denial-of-service via a craft2022-10-11
CVE-2025-6826 (MEDIUM CVSS 6.9) | A vulnerability | cvebase.io