cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1160,https://securityvulnerability.io/vulnerability/CVE-2025-1160,Default Credential Vulnerability in SourceCodester Employee Management System,"A vulnerability exists in the SourceCodester Employee Management System 1.0, specifically within the index.php file, where manipulation of the username and password arguments can lead to the exploitation of default credentials. This vulnerability allows an attacker to gain unauthorized access remotely, potentially compromising sensitive information and system integrity. As the exploit has already been publicly disclosed, immediate action to secure the affected systems is highly recommended.",Sourcecodester,Employee Management System,6.9,MEDIUM,0.01,false,,false,false,true,2025-02-10T22:31:04.000Z,true,false,false,,2025-02-10T22:31:04.690Z,0
CVE-2025-0802,https://securityvulnerability.io/vulnerability/CVE-2025-0802,Improper Access Control in SourceCodester Best Employee Management System,"A vulnerability has been identified in the SourceCodester Best Employee Management System version 1.0, specifically within the /admin/View_user.php file of the Administrative Endpoint. This issue arises from improper access controls that may allow unauthorized remote access to sensitive functionalities of the application. This vulnerability poses significant risk, as it can be exploited remotely, potentially compromising user data and system integrity. The exploit has already been disclosed and is available for public access, emphasizing the need for immediate action to mitigate potential threats.",Sourcecodester,Best Employee Management System,6.9,MEDIUM,0.0005200000014156103,false,,false,false,true,2025-01-29T02:00:14.000Z,true,false,false,,2025-01-29T02:00:14.351Z,0
CVE-2024-9083,https://securityvulnerability.io/vulnerability/CVE-2024-9083,Cross Site Scripting Vulnerability in SourceCodester Employee Management System 1.0,"A significant cross-site scripting vulnerability has been identified in the SourceCodester Employee Management System version 1.0. The vulnerability affects the /Admin/add-admin.php file, specifically through the manipulation of the 'txtfullname' argument. This weakness allows attackers to execute arbitrary JavaScript in a victim's web browser, potentially leading to unauthorized actions on behalf of the victim. The exploit can be executed remotely, making it imperative for users of this application to apply mitigations. Public disclosure of this vulnerability heightens the urgency for a timely response to protect against possible attacks.",Sourcecodester,Employee Management System,4.8,MEDIUM,0.0007800000021234155,false,,false,false,true,2024-09-22T07:31:05.000Z,true,false,false,,2024-09-22T08:31:05.017Z,0
CVE-2024-2577,https://securityvulnerability.io/vulnerability/CVE-2024-2577,Authorization Bypass Vulnerability in SourceCodester Employee Task Management System,"A serious vulnerability has been identified in the SourceCodester Employee Task Management System version 1.0, specifically within the /update-employee.php file. This vulnerability allows a remote attacker to manipulate the 'admin_id' parameter, leading to unauthorized access and potential control over the system. Given its critical nature, exploitation of this vulnerability could result in significant security risks for organizations relying on this software for effective employee task management. It is crucial for users to assess their systems and apply necessary patches to mitigate risks associated with this vulnerability.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T02:31:04.000Z,true,false,false,,2024-03-18T02:31:04.259Z,0
CVE-2024-2576,https://securityvulnerability.io/vulnerability/CVE-2024-2576,Authorization Bypass in SourceCodester Employee Task Management System,"A serious vulnerability has been identified in the SourceCodester Employee Task Management System 1.0, specifically affecting the /update-admin.php file. The vulnerability allows for an authorization bypass via manipulation of the 'admin_id' argument, enabling unauthorized users to access admin functionalities. This security flaw permits remote attackers to exploit the system without needing physical access, raising significant concerns for data integrity and privacy. Publicly disclosed exploits mean that this vulnerability can be quickly utilized by malicious parties, making immediate attention and remediation critical for affected organizations. For more details, refer to the [VDB-257079 entry](https://vuldb.com/?id.257079) and the [Github Exploit Guide](https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-admin.php.md).",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T02:00:10.000Z,true,false,false,,2024-03-18T02:00:10.656Z,0
CVE-2024-2575,https://securityvulnerability.io/vulnerability/CVE-2024-2575,Authorization Bypass in SourceCodester Employee Task Management System,"A serious vulnerability has been identified within the SourceCodester Employee Task Management System 1.0 that affects the functionality of the /task-details.php file. The flaw allows attackers to bypass authorization controls by manipulating the task_id parameter. This exploitation can be carried out remotely, posing significant security risks to environments utilizing the affected version of the product. The vulnerability has been publicly disclosed, increasing the chances of malicious exploitation. It is crucial for users and administrators of the Employee Task Management System to implement security measures and updates to mitigate potential risks associated with this vulnerability. For further technical insights and remediation strategies, refer to the detailed reports available on vulnerability databases.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T02:00:09.000Z,true,false,false,,2024-03-18T02:00:09.261Z,0
CVE-2024-2574,https://securityvulnerability.io/vulnerability/CVE-2024-2574,Authorization Bypass Vulnerability in SourceCodester Employee Task Management System,"A significant security vulnerability exists within the SourceCodester Employee Task Management System version 1.0, specifically within the /edit-task.php functionality. An attacker can exploit this flaw by manipulating the 'task_id' parameter, resulting in unauthorized access to restricted functionality. This vulnerability allows for an authorization bypass, which can be executed remotely without the need for advanced knowledge or permissions. The threat associated with this vulnerability has been publicly disclosed, and thorough mitigation steps should be prioritized to protect sensitive data against potential exploitation.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T01:31:03.000Z,true,false,false,,2024-03-18T01:31:03.864Z,0
CVE-2024-2573,https://securityvulnerability.io/vulnerability/CVE-2024-2573,Remote Code Execution Vulnerability in SourceCodester Employee Task Management System,"A critical vulnerability exists in the SourceCodester Employee Task Management System version 1.0, specifically within the file /task-info.php. This weakness allows an attacker to manipulate the system to perform unauthorized actions post-redirect, enabling potential remote code execution. As this vulnerability is publicly disclosed, it poses a significant risk to systems utilizing this task management application. Administrators are urged to assess their environments and implement necessary security measures to mitigate potential exploitation.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T01:00:09.000Z,true,false,false,,2024-03-18T01:00:09.843Z,0
CVE-2024-2572,https://securityvulnerability.io/vulnerability/CVE-2024-2572,Remote Code Execution Vulnerability in SourceCodester Employee Task Management System,"A significant security flaw exists in the SourceCodester Employee Task Management System version 1.0, where specific processing of the file /task-details.php enables unauthorized remote code execution. This vulnerability arises from improper handling of redirects, potentially allowing attackers to execute commands on the server after a redirect occurs. Given its nature, this vulnerability can be exploited remotely, posing a serious threat to systems running this software. Public disclosure has occurred, and the vulnerability could be leveraged by malicious actors to compromise affected systems.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T01:00:08.000Z,true,false,false,,2024-03-18T01:00:08.249Z,0
CVE-2024-2571,https://securityvulnerability.io/vulnerability/CVE-2024-2571,Execution After Redirect Vulnerability in SourceCodester Employee Task Management System,"A significant vulnerability has been discovered in the SourceCodester Employee Task Management System 1.0. This issue resides within the /manage-admin.php file, allowing for execution after a redirect. Malicious actors can exploit this flaw remotely, leading to unauthorized execution of potentially harmful code. The exploit has been publicly disclosed, increasing the urgency for users to adopt protective measures. Users of the affected software should prioritize updates and consult security advisories to mitigate risks associated with this vulnerability.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T00:31:04.000Z,true,false,false,,2024-03-18T00:31:04.252Z,0
CVE-2024-2556,https://securityvulnerability.io/vulnerability/CVE-2024-2556,SQL Injection Vulnerability in SourceCodester Employee Task Management System,"A significant vulnerability has been identified in the SourceCodester Employee Task Management System version 1.0, specifically within the attendance-info.php file. This vulnerability arises from improper validation of user-supplied input, specifically through the user_id argument, leading to SQL injection vulnerabilities. Attackers may exploit this flaw remotely, allowing them to manipulate database queries, retrieve sensitive data, or even escalate privileges within the application. The public disclosure of this vulnerability heightens the risk of its exploitation, emphasizing the urgent need for users to apply appropriate security patches and implement enhanced input validation measures.",Sourcecodester,Employee Task Management System,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-17T08:00:06.000Z,true,false,false,,2024-03-17T08:00:06.613Z,0
CVE-2024-2555,https://securityvulnerability.io/vulnerability/CVE-2024-2555,SQL Injection Vulnerability in SourceCodester Employee Task Management System,"A severe vulnerability has been identified in the SourceCodester Employee Task Management System version 1.0, specifically in the update-admin.php file. This vulnerability arises from improper handling of the 'admin_id' parameter, which allows for SQL injection. This flaw enables attackers to execute arbitrary SQL queries against the database, potentially compromising sensitive information and system integrity. The vulnerability can be exploited remotely, making it crucial for organizations using this software to apply patches and enhance their security measures immediately.",Sourcecodester,Employee Task Management System,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-17T06:31:04.000Z,true,false,false,,2024-03-17T06:31:04.155Z,0
CVE-2024-2554,https://securityvulnerability.io/vulnerability/CVE-2024-2554,SQL Injection Vulnerability in SourceCodester Employee Task Management System,"A critical security vulnerability has been identified in the SourceCodester Employee Task Management System version 1.0. The vulnerability resides in the 'update-employee.php' file, allowing attackers to manipulate the 'admin_id' argument. This manipulation can lead to SQL injection exploits, which permit unauthorized access to the system's database. As this vulnerability can be exploited remotely, it poses a significant risk to users of the Employee Task Management System. It is crucial for organizations to implement the necessary security measures to mitigate the potential impacts of this vulnerability, considering that it has already been disclosed and may be actively exploited by malicious actors.",Sourcecodester,Employee Task Management System,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-17T04:31:04.000Z,true,false,false,,2024-03-17T04:31:04.177Z,0
CVE-2024-2394,https://securityvulnerability.io/vulnerability/CVE-2024-2394,Unrestricted File Upload Vulnerability in Employee Management System 1.0,A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256454 is the identifier assigned to this vulnerability.,Sourcecodester,Employee Management System,4.7,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-12T14:31:04.000Z,true,false,false,,2024-03-12T14:31:04.079Z,0
CVE-2024-1876,https://securityvulnerability.io/vulnerability/CVE-2024-1876,SourceCodester Employee Management System psubmit.php sql injection,"An SQL injection vulnerability exists in the SourceCodester Employee Management System 1.0 specifically targeting the psubmit.php file. This allows attackers to manipulate the 'pid' parameter through crafted inputs, facilitating unauthorized SQL commands. The attack can be executed remotely, potentially exposing sensitive information and compromising the integrity of the database. As this vulnerability has been publicly disclosed, immediate action is advised to safeguard critical data from exploitation. Organizations using the affected version should consider applying necessary patches or updates to mitigate risks.",Sourcecodester,Employee Management System,9.8,CRITICAL,0.000750000006519258,false,,false,false,true,2024-02-26T16:27:00.000Z,true,false,false,,2024-02-26T16:27:00.000Z,0
CVE-2024-1871,https://securityvulnerability.io/vulnerability/CVE-2024-1871,Cross Site Scripting Vulnerability in Employee Management System 1.0,"A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254694 is the identifier assigned to this vulnerability.",Sourcecodester,Employee Management System,5.4,MEDIUM,0.0005699999746866524,false,,false,false,true,2024-02-26T16:27:00.000Z,true,false,false,,2024-02-26T16:27:00.000Z,0
CVE-2024-1878,https://securityvulnerability.io/vulnerability/CVE-2024-1878,SQL Injection Vulnerability in SourceCodester Employee Management System,"A vulnerability has been discovered within the SourceCodester Employee Management System 1.0 that exposes a critical security risk through an SQL injection flaw found in the /myprofile.php file. This attack exploits the manipulation of the 'id' parameter by injecting code, such as '1%20or%201=1', which allows an attacker to execute arbitrary SQL commands within the database. As a result, unauthorized users may gain access to sensitive information, modify data, or potentially take full control of the underlying database. Remedial actions should be taken promptly to mitigate the risk associated with this vulnerability. For more information, visit VDB-254726.",Sourcecodester,Employee Management System,8.8,HIGH,0.0008099999977275729,false,,false,false,true,2024-02-26T01:00:08.000Z,true,false,false,,2024-02-26T01:00:08.071Z,0
CVE-2024-1877,https://securityvulnerability.io/vulnerability/CVE-2024-1877,SQL Injection Vulnerability in SourceCodester Employee Management System,"A vulnerability has been identified in the SourceCodester Employee Management System version 1.0, specifically affecting the /cancel.php file. This flaw allows for SQL injection via manipulation of the 'id' parameter with an input string such as '1%20or%201=1'. This type of attack can be executed remotely, which raises serious security concerns for users. As the exploit has already been publicly disclosed, it is essential for organizations utilizing this system to assess their defenses and implement necessary mitigations against potential unauthorized access or data breaches.",Sourcecodester,Employee Management System,8.8,HIGH,0.0008099999977275729,false,,false,false,true,2024-02-26T01:00:06.000Z,true,false,false,,2024-02-26T01:00:06.568Z,0
CVE-2024-1833,https://securityvulnerability.io/vulnerability/CVE-2024-1833,SQL Injection Vulnerability in SourceCodester Employee Management System,"A security vulnerability has been identified in the SourceCodester Employee Management System version 1.0, related to the file /Account/login.php. This vulnerability allows attackers to manipulate the txtusername parameter, enabling SQL injection attacks. Such an attack can be executed remotely, potentially compromising the application's database and sensitive user information. The details of this exploitation have been made public, heightening concerns for users of the affected system. It is crucial for organizations using this product to implement necessary security measures to mitigate this risk and protect their data.",Sourcecodester,Employee Management System,9.8,CRITICAL,0.0012100000167265534,false,,false,false,true,2024-02-23T19:31:06.000Z,true,false,false,,2024-02-23T19:31:06.771Z,0
CVE-2024-1011,https://securityvulnerability.io/vulnerability/CVE-2024-1011,SourceCodester Employee Management System Leave delete-leave.php access control,"A vulnerability has been identified in the SourceCodester Employee Management System version 1.0, specifically within the file delete-leave.php related to the Leave Handler component. The issue stems from improper access control mechanisms, allowing potentially unauthorized remote users to manipulate the id argument. This vulnerability can be exploited publicly, posing a risk to data integrity and application security. Developers and system administrators should implement appropriate measures to restrict access and validate user permissions to mitigate this vulnerability.",SourceCodester,Employee Management System,8.8,HIGH,0.0011500000255182385,false,,false,false,true,2024-01-29T17:00:06.000Z,true,false,false,,2024-01-29T17:00:06.067Z,0
CVE-2024-1010,https://securityvulnerability.io/vulnerability/CVE-2024-1010,SourceCodester Employee Management System edit-profile.php cross site scripting,A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279.,SourceCodester,Employee Management System,5.4,MEDIUM,0.0018100000452250242,false,,false,false,true,2024-01-29T16:31:05.000Z,true,false,false,,2024-01-29T16:31:05.461Z,0
CVE-2024-1009,https://securityvulnerability.io/vulnerability/CVE-2024-1009,SourceCodester Employee Management System login.php sql injection,"A SQL injection vulnerability has been identified in SourceCodester's Employee Management System version 1.0. The issue stems from the manipulation of the parameter 'txtusername' in the /Admin/login.php file, allowing unauthorized users to execute arbitrary SQL queries. This vulnerability can be exploited remotely, posing a significant risk to the integrity and confidentiality of the application's data. The issue has been publicly disclosed, highlighting the urgency for organizations utilizing this product to implement necessary security measures and updates.",SourceCodester,Employee Management System,9.8,CRITICAL,0.0012499999720603228,false,,false,false,true,2024-01-29T16:31:04.000Z,true,false,false,,2024-01-29T16:31:04.245Z,0
CVE-2024-1008,https://securityvulnerability.io/vulnerability/CVE-2024-1008,SourceCodester Employee Management System Profile Page edit-photo.php unrestricted upload,"In the SourceCodester Employee Management System version 1.0, a vulnerability exists within the edit-photo.php functionality of the Profile Page component. This flaw permits an unauthorized user to upload files without restrictions, leading to significant security risks. The vulnerability is exploitable remotely, allowing attackers to potentially execute malicious code or perform unauthorized actions on the web server. Due to public disclosure, the urgency for organizations using this software to implement protective measures against potential attacks is heightened. Regular monitoring and timely updates are essential to safeguard sensitive data and maintain system integrity.",SourceCodester,Employee Management System,7.2,HIGH,0.0013200000394135714,false,,false,false,true,2024-01-29T16:00:07.000Z,true,false,false,,2024-01-29T16:00:07.104Z,0
CVE-2024-1007,https://securityvulnerability.io/vulnerability/CVE-2024-1007,SourceCodester Employee Management System edit_profile.php sql injection,"The Employee Management System by SourceCodester has a vulnerability located in the edit_profile.php file, specifically tied to the manipulation of the txtfullname argument. This flaw allows for SQL injection attacks to be executed remotely, creating opportunities for unauthorized access to the system's database. The vulnerability has been publicly disclosed, heightening the urgency for users to secure their installations and apply any necessary patches or mitigations.",SourceCodester,Employee Management System,7.2,HIGH,0.0013200000394135714,false,,false,false,true,2024-01-29T16:00:05.000Z,true,false,false,,2024-01-29T16:00:05.978Z,0
CVE-2023-0903,https://securityvulnerability.io/vulnerability/CVE-2023-0903,SourceCodester Employee Task Management System edit-task.php sql injection,A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452.,Sourcecodester,Employee Task Management System,5,MEDIUM,0.0026599999982863665,false,,false,false,false,,,false,false,,2023-02-18T08:15:00.000Z,0