CVE-2026-3752

CWE-74CWE-89SQL Injection3 documents3 sources
Severity
5.1MEDIUM
EPSS
0.0%
top 91.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Employee Task Management SystemOretnom23 Employee Task Management System
Timeline
PublishedMar 8

Description

A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Employee Task Management System GET Parameter daily-task-report.php sql injection2026-03-08
GHSA
GHSA-j5h6-9v37-3mh2: A flaw has been found in SourceCodester Employee Task Management System up to 12026-03-08
CVE-2026-3752 (MEDIUM CVSS 5.1) | A flaw has been found in SourceCode | cvebase.io