CVE-2021-42169
CVE-2021-42169 refers to a remote SQL injection vulnerability that bypasses authentication in “The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code.” The login parameter username is not protected, allowing malicious payloads to bypass security and authenticate admin re...
CVE-2023-1113
The CVE-2023-1113 entry concerns SourceCodester Simple Payroll System 1.0, where the POST Parameter Handler’s admin/?page=admin functionality is vulnerable. The root cause is manipulation of the fullname parameter, enabling cross-site scripting (XSS). The attack can be launched remotely (network ...