cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9315,https://securityvulnerability.io/vulnerability/CVE-2024-9315,SQL Injection Vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System,"A significant security flaw has been identified in the SourceCodester Employee and Visitor Gate Pass Logging System version 1.0. The issue arises from improper handling of inputs in the /admin/maintenance/manage_department.php file, leading to a SQL injection vulnerability when the 'id' argument is manipulated. This type of vulnerability can allow attackers to execute arbitrary SQL queries, potentially compromising sensitive data or gaining unauthorized access to the database. Given that the exploit can be initiated remotely, it poses a serious risk for organizations utilizing this system. Public disclosure of the exploit means it could be readily available for malicious actors, emphasizing the importance of immediate mitigation measures.",SourceCodester,Employee And Visitor Gate Pass Logging System,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2024-09-28T19:15:00.000Z,0
CVE-2024-7069,https://securityvulnerability.io/vulnerability/CVE-2024-7069,SQL Injection Vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System,"A critical vulnerability has been identified in the SourceCodester Employee and Visitor Gate Pass Logging System version 1.0, specifically within the file processing function located at /employee_gatepass/classes/Master.php?f=delete_department. The vulnerability arises from improper validation of input parameters, allowing a malicious actor to manipulate the 'id' argument and execute SQL injection attacks remotely. This exposes sensitive data and compromises the integrity of the system. The exploitation of this vulnerability has been publicly disclosed, highlighting the urgency for users to implement security measures to mitigate potential risks. For further details on this vulnerability, please refer to [VDB-272351](https://vuldb.com/?id.272351).",Sourcecodester,Employee And Visitor Gate Pass Logging System,7.5,HIGH,0.0021100000012665987,false,,false,false,true,2024-07-24T14:31:04.000Z,true,false,false,,2024-07-24T15:31:04.268Z,0
CVE-2024-6967,https://securityvulnerability.io/vulnerability/CVE-2024-6967,SQL Injection Vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System,"A significant vulnerability has been identified in the SourceCodester Employee and Visitor Gate Pass Logging System version 1.0. This vulnerability is related to improper handling of user input in the admin management area, specifically at the endpoint /employee_gatepass/admin/?page=employee/manage_employee. Attackers can exploit this weakness by manipulating the 'id' parameter, leading to SQL injection attacks. This vulnerability allows unauthorized remote access and significant risks of data manipulation, exposing sensitive information. Security practitioners and users should take immediate action to assess and mitigate this vulnerability to prevent potential exploitation.",Sourcecodester,Employee And Visitor Gate Pass Logging System,7.5,HIGH,0.0006799999973736703,false,,false,false,true,2024-07-22T01:31:04.000Z,true,false,false,,2024-07-22T02:31:04.286Z,0
CVE-2024-6736,https://securityvulnerability.io/vulnerability/CVE-2024-6736,SQL Injection Flaw in SourceCodester Employee and Visitor Gate Pass Logging System,"A critical SQL injection vulnerability exists in the SourceCodester Employee and Visitor Gate Pass Logging System version 1.0, specifically affecting the file view_employee.php. The vulnerability arises due to improper handling of user-supplied input in the 'id' argument, enabling remote attackers to execute arbitrary SQL commands through crafted requests. This flaw may allow adversaries to gain unauthorized access to sensitive data and manipulate the database. The vulnerability has been disclosed publicly, highlighting the urgent need for affected users to implement protective measures and updates.",SourceCodester,Employee And Visitor Gate Pass Logging System,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2024-07-15T01:15:00.000Z,0
CVE-2024-6650,https://securityvulnerability.io/vulnerability/CVE-2024-6650,Cross Site Scripting Vulnerability in Employee and Visitor Gate Pass Logging System 1.0,A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function save_designation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271058 is the identifier assigned to this vulnerability.,SourceCodester,Employee And Visitor Gate Pass Logging System,4.8,MEDIUM,0.003000000026077032,false,,false,false,false,,,false,false,,2024-07-10T23:15:00.000Z,0
CVE-2024-5976,https://securityvulnerability.io/vulnerability/CVE-2024-5976,SQL Injection Vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System,"A critical SQL injection vulnerability has been identified in the SourceCodester Employee and Visitor Gate Pass Logging System, version 1.0. The vulnerability affects the function log_employee within the Master.php file. By manipulating the employee_code argument, an attacker can execute arbitrary SQL commands, which may lead to unauthorized access to sensitive information. This vulnerability can be exploited remotely, putting users at significant risk. Organizations using this platform are strongly advised to implement necessary patches and security measures to mitigate the risks associated with this vulnerability.",Sourcecodester,Employee And Visitor Gate Pass Logging System,9.8,CRITICAL,0.0018400000408291817,false,,false,false,true,2024-06-13T20:00:04.000Z,true,false,false,,2024-06-13T21:00:04.725Z,0
CVE-2024-4921,https://securityvulnerability.io/vulnerability/CVE-2024-4921,Unrestricted File Upload Vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System,"A critical vulnerability has been identified in the SourceCodester Employee and Visitor Gate Pass Logging System version 1.0, specifically within the file handling routines of Users.php. This flaw allows unauthenticated users to manipulate the 'img' argument, resulting in unrestricted file uploads. This poses significant risks, as attackers can exploit this vulnerability to upload malicious files to the server, leading to potential system compromise and unauthorized access. The vulnerability has been publicly disclosed, making it imperative for users and organizations utilizing this system to implement necessary security measures and updates promptly.",Sourcecodester,Employee And Visitor Gate Pass Logging System,9.8,CRITICAL,0.00044999999227002263,false,,false,false,true,2024-05-15T23:31:04.000Z,true,false,false,,2024-05-16T00:31:04.604Z,0
CVE-2023-2090,https://securityvulnerability.io/vulnerability/CVE-2023-2090,SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection,"A vulnerability has been identified in the SourceCodester Employee and Visitor Gate Pass Logging System 1.0 that allows for SQL injection via the 'id' parameter in the /admin/maintenance/view_designation.php file. This flaw enables attackers to manipulate SQL queries, potentially compromising the security of the database. The vulnerability can be exploited remotely, raising urgent security concerns for users of this system. Timely updates and security measures are recommended to mitigate risks associated with this vulnerability.",Sourcecodester,Employee And Visitor Gate Pass Logging System,8.8,HIGH,0.003289999905973673,false,,false,false,false,,,false,false,,2023-04-15T09:15:00.000Z,0