SQL Injection Vulnerability in Employee Record Management System by PHP Gurukul
CVE-2021-37782

9.8CRITICAL

Key Information:

Vendor: PHPgurukul
Status: Employee Record Management System
Vendor: CVE Published:; 28 October 2022

What is CVE-2021-37782?

The Employee Record Management System version 1.2 contains a vulnerability that allows attackers to execute arbitrary SQL queries via the 'editempprofile.php' file. This flaw can potentially expose sensitive employee data and compromise the integrity of the database. Organizations using this software are urged to review their implementation and patch the vulnerability to safeguard against unauthorized access to critical information.

References

https://phpgurukul.com/employee-record-management-system-...

https://github.com/BigTiger2020/Employee-Record-Managemen...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2022
Vulnerability Reserved
Aug 2, 2021

PHPgurukul

What is CVE-2021-37782?

References

CVSS V3.1

Timeline