cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2577,https://securityvulnerability.io/vulnerability/CVE-2024-2577,Authorization Bypass Vulnerability in SourceCodester Employee Task Management System,"A serious vulnerability has been identified in the SourceCodester Employee Task Management System version 1.0, specifically within the /update-employee.php file. This vulnerability allows a remote attacker to manipulate the 'admin_id' parameter, leading to unauthorized access and potential control over the system. Given its critical nature, exploitation of this vulnerability could result in significant security risks for organizations relying on this software for effective employee task management. It is crucial for users to assess their systems and apply necessary patches to mitigate risks associated with this vulnerability.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T02:31:04.000Z,true,false,false,,2024-03-18T02:31:04.259Z,0
CVE-2024-2576,https://securityvulnerability.io/vulnerability/CVE-2024-2576,Authorization Bypass in SourceCodester Employee Task Management System,"A serious vulnerability has been identified in the SourceCodester Employee Task Management System 1.0, specifically affecting the /update-admin.php file. The vulnerability allows for an authorization bypass via manipulation of the 'admin_id' argument, enabling unauthorized users to access admin functionalities. This security flaw permits remote attackers to exploit the system without needing physical access, raising significant concerns for data integrity and privacy. Publicly disclosed exploits mean that this vulnerability can be quickly utilized by malicious parties, making immediate attention and remediation critical for affected organizations. For more details, refer to the [VDB-257079 entry](https://vuldb.com/?id.257079) and the [Github Exploit Guide](https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-admin.php.md).",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T02:00:10.000Z,true,false,false,,2024-03-18T02:00:10.656Z,0
CVE-2024-2575,https://securityvulnerability.io/vulnerability/CVE-2024-2575,Authorization Bypass in SourceCodester Employee Task Management System,"A serious vulnerability has been identified within the SourceCodester Employee Task Management System 1.0 that affects the functionality of the /task-details.php file. The flaw allows attackers to bypass authorization controls by manipulating the task_id parameter. This exploitation can be carried out remotely, posing significant security risks to environments utilizing the affected version of the product. The vulnerability has been publicly disclosed, increasing the chances of malicious exploitation. It is crucial for users and administrators of the Employee Task Management System to implement security measures and updates to mitigate potential risks associated with this vulnerability. For further technical insights and remediation strategies, refer to the detailed reports available on vulnerability databases.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T02:00:09.000Z,true,false,false,,2024-03-18T02:00:09.261Z,0
CVE-2024-2574,https://securityvulnerability.io/vulnerability/CVE-2024-2574,Authorization Bypass Vulnerability in SourceCodester Employee Task Management System,"A significant security vulnerability exists within the SourceCodester Employee Task Management System version 1.0, specifically within the /edit-task.php functionality. An attacker can exploit this flaw by manipulating the 'task_id' parameter, resulting in unauthorized access to restricted functionality. This vulnerability allows for an authorization bypass, which can be executed remotely without the need for advanced knowledge or permissions. The threat associated with this vulnerability has been publicly disclosed, and thorough mitigation steps should be prioritized to protect sensitive data against potential exploitation.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T01:31:03.000Z,true,false,false,,2024-03-18T01:31:03.864Z,0
CVE-2024-2573,https://securityvulnerability.io/vulnerability/CVE-2024-2573,Remote Code Execution Vulnerability in SourceCodester Employee Task Management System,"A critical vulnerability exists in the SourceCodester Employee Task Management System version 1.0, specifically within the file /task-info.php. This weakness allows an attacker to manipulate the system to perform unauthorized actions post-redirect, enabling potential remote code execution. As this vulnerability is publicly disclosed, it poses a significant risk to systems utilizing this task management application. Administrators are urged to assess their environments and implement necessary security measures to mitigate potential exploitation.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T01:00:09.000Z,true,false,false,,2024-03-18T01:00:09.843Z,0
CVE-2024-2572,https://securityvulnerability.io/vulnerability/CVE-2024-2572,Remote Code Execution Vulnerability in SourceCodester Employee Task Management System,"A significant security flaw exists in the SourceCodester Employee Task Management System version 1.0, where specific processing of the file /task-details.php enables unauthorized remote code execution. This vulnerability arises from improper handling of redirects, potentially allowing attackers to execute commands on the server after a redirect occurs. Given its nature, this vulnerability can be exploited remotely, posing a serious threat to systems running this software. Public disclosure has occurred, and the vulnerability could be leveraged by malicious actors to compromise affected systems.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T01:00:08.000Z,true,false,false,,2024-03-18T01:00:08.249Z,0
CVE-2024-2571,https://securityvulnerability.io/vulnerability/CVE-2024-2571,Execution After Redirect Vulnerability in SourceCodester Employee Task Management System,"A significant vulnerability has been discovered in the SourceCodester Employee Task Management System 1.0. This issue resides within the /manage-admin.php file, allowing for execution after a redirect. Malicious actors can exploit this flaw remotely, leading to unauthorized execution of potentially harmful code. The exploit has been publicly disclosed, increasing the urgency for users to adopt protective measures. Users of the affected software should prioritize updates and consult security advisories to mitigate risks associated with this vulnerability.",Sourcecodester,Employee Task Management System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-03-18T00:31:04.000Z,true,false,false,,2024-03-18T00:31:04.252Z,0
CVE-2024-2556,https://securityvulnerability.io/vulnerability/CVE-2024-2556,SQL Injection Vulnerability in SourceCodester Employee Task Management System,"A significant vulnerability has been identified in the SourceCodester Employee Task Management System version 1.0, specifically within the attendance-info.php file. This vulnerability arises from improper validation of user-supplied input, specifically through the user_id argument, leading to SQL injection vulnerabilities. Attackers may exploit this flaw remotely, allowing them to manipulate database queries, retrieve sensitive data, or even escalate privileges within the application. The public disclosure of this vulnerability heightens the risk of its exploitation, emphasizing the urgent need for users to apply appropriate security patches and implement enhanced input validation measures.",Sourcecodester,Employee Task Management System,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-17T08:00:06.000Z,true,false,false,,2024-03-17T08:00:06.613Z,0
CVE-2024-2555,https://securityvulnerability.io/vulnerability/CVE-2024-2555,SQL Injection Vulnerability in SourceCodester Employee Task Management System,"A severe vulnerability has been identified in the SourceCodester Employee Task Management System version 1.0, specifically in the update-admin.php file. This vulnerability arises from improper handling of the 'admin_id' parameter, which allows for SQL injection. This flaw enables attackers to execute arbitrary SQL queries against the database, potentially compromising sensitive information and system integrity. The vulnerability can be exploited remotely, making it crucial for organizations using this software to apply patches and enhance their security measures immediately.",Sourcecodester,Employee Task Management System,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-17T06:31:04.000Z,true,false,false,,2024-03-17T06:31:04.155Z,0
CVE-2024-2554,https://securityvulnerability.io/vulnerability/CVE-2024-2554,SQL Injection Vulnerability in SourceCodester Employee Task Management System,"A critical security vulnerability has been identified in the SourceCodester Employee Task Management System version 1.0. The vulnerability resides in the 'update-employee.php' file, allowing attackers to manipulate the 'admin_id' argument. This manipulation can lead to SQL injection exploits, which permit unauthorized access to the system's database. As this vulnerability can be exploited remotely, it poses a significant risk to users of the Employee Task Management System. It is crucial for organizations to implement the necessary security measures to mitigate the potential impacts of this vulnerability, considering that it has already been disclosed and may be actively exploited by malicious actors.",Sourcecodester,Employee Task Management System,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-03-17T04:31:04.000Z,true,false,false,,2024-03-17T04:31:04.177Z,0
CVE-2023-0903,https://securityvulnerability.io/vulnerability/CVE-2023-0903,SourceCodester Employee Task Management System edit-task.php sql injection,A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452.,Sourcecodester,Employee Task Management System,5,MEDIUM,0.0026599999982863665,false,,false,false,false,,,false,false,,2023-02-18T08:15:00.000Z,0
CVE-2023-0905,https://securityvulnerability.io/vulnerability/CVE-2023-0905,SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication,"A vulnerability exists in the Employee Task Management System developed by SourceCodester, specifically within the functionality around changing employee passwords in the changePasswordForEmployee.php file. This flaw allows attackers to bypass authentication mechanisms, potentially leading to unauthorized access to sensitive employee data. The vulnerability can be exploited remotely, making it critical for organizations using this system to apply appropriate security measures to mitigate the risk. The details regarding this vulnerability have been publicly disclosed, raising concerns for those utilizing the affected versions of the software.",SourceCodester,Employee Task Management System,7.5,HIGH,0.0031799999997019768,false,,false,false,false,,,false,false,,2023-02-18T08:15:00.000Z,0
CVE-2023-0904,https://securityvulnerability.io/vulnerability/CVE-2023-0904,SourceCodester Employee Task Management System task-details.php sql injection,"A SQL injection vulnerability exists in the Employee Task Management System by SourceCodester, specifically affecting the processing within the file task-details.php. An attacker could manipulate the task_id parameter, enabling unauthorized SQL queries to be executed on the database. This vulnerability may be exploited remotely, potentially compromising sensitive data. The public disclosure of this issue highlights the urgency for affected users to apply necessary patches or updates to safeguard their systems.",SourceCodester,Employee Task Management System,8.8,HIGH,0.002730000065639615,false,,false,false,false,,,false,false,,2023-02-18T08:15:00.000Z,0