9 matches found
CVE-2023-0641
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password...
CVE-2022-30931
Employee Leaves Management System ELMS V 2.1 is vulnerable to Cross Site Request Forgery CSRF via /myprofile.php...
Employee Leaves Management System 2.1 Insecure Direct Object Reference
Employee Leaves Management System version 2.1 suffers from an insecure direct object reference vulnerability. Exploit Title: Employee Leaves Management System ELMS v2.1 - Authenticated Insecure Direct Object References IDOR Date: 2025-03-04 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...
Design/Logic Flaw
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password...
CVE-2023-0641
PHPGurukul's Employee Leaves Management System 1.0 contains a vulnerability in changepassword.php where manipulating newpassword/confirmpassword weakens password requirements. The issue is remotely exploitable with high impact on confidentiality/integrity (per CVSS). Connected documents corrobora...
PT-2023-16418 · Unknown · Phpgurukul Employee Leaves Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Employee Leaves Management System version 1.0 Description: A vulnerability was found in the PHPGurukul Employee Leaves Management System, affecting an unknown functionality of the file changepassword.php. The manipulation of the...
Cross site request forgery (csrf)
Employee Leaves Management System ELMS V 2.1 is vulnerable to Cross Site Request Forgery CSRF via /myprofile.php...
CVE-2022-30931
CVE-2022-30931 affects Employee Leaves Management System (ELMS) version 2.1. Multiple connected sources confirm a Cross-Site Request Forgery (CSRF) vulnerability reachable via /myprofile.php, enabling an attacker to modify user profile details (e.g., username, phone number). The primary documents...
Employee Leaves Management System 2.0 Cross Site Request Forgery
Exploit Title: Employee Leaves Management System 2.0 Cross-Site Request Forgery Date: 22-01-2020 Author: Priyanka Samak Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/employee-leaves-management-system-elms/ Software: Employee Leaves Management System Version : 2.0...