Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-73496
HistoryMar 18, 2022 - 12:00 a.m.

Online Project Time Management System SQL Injection Vulnerability

2022-03-1800:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
web-based
sql injection
vulnerability
validation
sensitive database data
project time management

EPSS

0.015

Percentile

87.5%

Online Project Time Management System is a web-based online project time management system that provides an online platform for a company’s employees to report/record their assigned time or time spent on each project resubmission. online project time management system A SQL injection vulnerability exists in v1.0, which stems from a lack of validation of external input SQL statements in the id parameter of the save_employee function in /ptms/classes/Users.php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.

EPSS

0.015

Percentile

87.5%

Related for CNVD-2022-73496