Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS: 8.8 | AI Score: 9.1 | EPSS: 0.001

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS: 8.8 | AI Score: 9.1 | EPSS: 0.001

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS: 8.8 | AI Score: 9.1 | EPSS: 0.001

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.
CVSS: 6.5 | AI Score: 6.7 | EPSS: 0.001

Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.
CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001