11 matches found
CVE-2025-6826
The CVE-2025-6826 entry concerns code-projects Payroll Management System 1.0 where the vulnerability resides in /Payroll_Management_System/ajax.php?action=save_department. The root cause is an SQL injection caused by manipulation of the ID parameter, enabling remote exploitation. Public disclosur...
CVE-2025-7219
CVE-2025-7219 affects Campcodes Payroll Management System 1.0. The vulnerability is a SQL injection in an unknown function of /ajax.php?action=delete_allowances, exploitable remotely via the ID parameter. The issue is described as critical/high depending on source (remote, low user interaction) w...
CVE-2025-7217
CVE-2025-7217 affects Campcodes Payroll Management System 1.0. The vulnerability resides in unknown code within /ajax.php?action=save_position, where manipulating the ID parameter triggers a SQL injection. It is exploitable remotely and the exploit has been publicly disclosed. Multiple feeds clas...
CVE-2025-7129
CVE-2025-7129 affects Campcodes Payroll Management System the 1.0 release. The vulnerability stems from improper handling of the ID argument in the endpoint /ajax.php?action=delete_employee_attendance_single, enabling SQL injection and potentially allowing remote exploitation. Multiple connected ...
CVE-2025-7130
Campcodes Payroll Management System 1.0 contains a remote SQL injection in /ajax.php?action=delete_payroll via manipulated ID parameter. The vulnerability is documented as critical with potential high impact on confidentiality, integrity, and availability. Exploitation is reported as possible and...
CVE-2025-7131
Campcodes Payroll Management System 1.0 is affected by a SQL injection in /ajax.php?action=save_employee_attendance via manipulation of the employee_id parameter. The vulnerability allows remote exploitation, with public disclosures noted. Root cause: improper handling of input in the save_employ...
CVE-2025-7132
CVE-2025-7132 affects Campcodes Payroll Management System 1.0. The vulnerability is in the /ajax.php?action=save_payroll endpoint, where manipulation of the ID argument enables SQL injection. Exploitation is described as possible remotely, with public disclosure of the exploit. The connected docu...
CVE-2025-7218
The CVE-2025-7218 entry concerns Campcodes Payroll Management System 1.0 with a SQL injection vulnerability in the file /ajax.php?action=delete_position caused by improper handling of the ID parameter. The issue is exploitable remotely and publicly disclosed. Affected component: the web endpoint ...
CVE-2025-7220
CVE-2025-7220 concerns Campcodes Payroll Management System 1.0. The vulnerability is an unauthenticated SQL injection in the unknown function reachable via the file /ajax.php?action=save_deductions, caused by manipulation of the parameter ID. It is exploitable remotely, and public disclosures/exp...
CVE-2025-7128
CVE-2025-7128 affects Campcodes Payroll Management System 1.0. The vulnerability stems from improper handling of the ID parameter in /ajax.php?action=calculate_payroll, enabling remote SQL injection. Multiple sources confirm the attack is network-proximate with high-impact potential (confidential...
CVE-2025-9529
CVE-2025-9529 affects Campcodes Payroll Management System 1.0. The vulnerability is a remote file inclusion caused by manipulating the page argument in the /index.php include function. Multiple sources confirm this weakness and remote exploitation is possible, with public exploits available. No s...