2 matches found
Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection
Exploit Title: Employee Management System 1.0 - txtfullname and txtphone SQL Injection Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Version: 1.0 Tested on:...
CVE-2024-24499
Summary of findings for CVE-2024-24499 : The vulnerability is in SourceCodester Employee Management System 1.0, affecting the edit_profile.php component. The root cause is a SQL injection flaw in the txtfullname parameter (and related fields like txtphone in some references) that allows a remote ...