21 matches found
CVE-2026-5798
CVE-2026-5798 affects Stel Order v3.25.1 and earlier. The vulnerability is an insecure direct object reference (IDOR) in the /app/FrontController endpoint, exploitable by manipulating the employeeID parameter in requests. An authenticated attacker could access information about any employee (e.g., first n...
EUVD-2026-23264
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/viewaccount.php?empid=...
CVE-2026-37346
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/viewaccount.php?empid=...
Open Source Point of Sale Security Vulnerability
Open Source Point of Sale is an open-source point-of-sale system based on the Open Source Point of Sale framework. Versions prior to Open Source Point of Sale 3.4.2 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.5.1, in the idfuncionario parameter of the /html/funcionario/dependentelistar.php endpoint,...
CVE-2025-9733
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This impacts an unknown function of the file /logintimeee.php. Performing manipulation of the argument empid results in SQL injection. The attack may be initiated remotely. The exploit has been released to...
CVE-2025-40686
CVE-2025-40686 affects Human Resource Management System v1.0. A reflected Cross-Site Scripting vulnerability exists in the /detailview.php page via the employeeid parameter, allowing injected JavaScript to run in a victim’s browser. Exploitation details are not provided in the CVE entry; related ...
Code-Projects Payroll Management System Injection Vulnerability
Code-Projects Payroll Management System is an open source payroll management system from Code-Projects. An injection vulnerability exists in Code-Projects Payroll Management System version 1.0, which stems from an incorrect manipulation of the parameter empid that can lead to SQL injection...
CVE-2024-2682
A vulnerability classified as problematic has been found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/employee/controller.php. The manipulation of the argument EMPLOYEEID leads to cross site scripting. It is possible to launch the attack remotely...
Campcodes Online Job Finder System Security Vulnerability
Campcodes Online Job Finder System is an online job finder system from Campcodes, Inc. A security vulnerability exists in version 1.0 of the Campcodes Online Job Finder System, which originates from a cross-site scripting vulnerability in the EMPLOYEEID parameter of the...
CVE-2023-31944
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the empid parameter at employeeedit.php...
PT-2023-23536 · Unknown · Online Travel Agency System
Name of the Vulnerable Software and Affected Versions: Online Travel Agency System version 1.0 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the emp id parameter at the "employee detail.php" endpoint. This enables the attacker to potentially access or...
Online Travel Agency System SQL Injection Vulnerability
Online Travel Agency System is an online travel agency system by Qaseem Hilal, an individual developer. A security vulnerability exists in Online Travel Agency System version v.1.0, which can be exploited to execute arbitrary code via the empid parameter of the employeeedit.php file...
PT-2023-23542 · Unknown · Online Travel Agency System
Name of the Vulnerable Software and Affected Versions: Online Travel Agency System version 1.0 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the emp id parameter at the "employee edit.php" endpoint. This enables the attacker to potentially access and...
CVE-2022-45729
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter...
Human Resource Management System SQL Injection Vulnerability
Human Resource Management System is a human resource management system by the individual developer maverickosama. Human Resource Management System suffers from a SQL injection vulnerability that originates from unknown handling of the file /hrm/employeeadd.php, where manipulation of the parameter empid...