SourceCodester Online Payroll System employee_row.php SQL injection
CVE-2023-1845
9.8 CRITICAL
Summary
A SQL injection vulnerability has been identified in SourceCodester's Online Payroll System version 1.0, specifically affecting the /admin/employee_row.php file. This issue arises from improper validation of the 'id' argument, which allows remote attackers to manipulate SQL queries executed by the application. The availability of public exploit details raises concerns for users, making it essential to patch this vulnerability promptly to prevent potential data breaches.
Affected Version(s)
Online Payroll System 1.0
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)