SQL Injection Vulnerability in Itsourcecode Payroll Management System
CVE-2024-37831

9.8CRITICAL

Key Information:

Vendor: Itsourcecode
Status: Payroll Management System
Vendor: CVE Published:; 14 June 2024

Summary

The Itsourcecode Payroll Management System version 1.0 is affected by a SQL Injection vulnerability that can be exploited through the ID parameter in the payroll_items.php file. This flaw allows unauthorized access to the database, potentially permitting attackers to execute arbitrary SQL code. Exploiting this vulnerability could lead to data leakage, manipulation of payroll data, or unauthorized account access, emphasizing the urgency for users of the affected version to implement necessary security measures.

References

https://github.com/ganzhi-qcy/cve/issues/5

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Jun 10, 2024