SQL Injection Vulnerability in Itsourcecode Payroll Management System
CVE-2024-37873
9.8 CRITICAL
Summary
The Itsourcecode Payroll Management System Project contains a SQL injection vulnerability in the view_payslip.php file. The 'id' parameter is handled improperly, which lets remote attackers execute arbitrary SQL queries. Exploitation can lead to unauthorized access to database content, manipulation of data, or complete system compromise. Users and administrators of this software should take immediate steps to patch their systems to mitigate potential risks.
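A detection sketch for the issue summarized above, added here as an example and not taken from the project or the advisory: it scans web server access logs for requests to view_payslip.php whose 'id' query parameter is not a plain integer. It assumes combined-format access logs, that a legitimate id is a short decimal number, and that the parameter arrives in the query string (request bodies are not logged); the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined-log-format prefix: client IP ... "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Assumption: a legitimate payslip id is a short run of decimal digits.
VALID_ID = re.compile(r"[0-9]{1,10}")


def suspicious_payslip_requests(lines):
    """Return (ip, status, decoded id) for view_payslip.php hits with a non-numeric id."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        try:
            url = urlsplit(m.group("target"))
        except ValueError:  # malformed target; a log scanner must not crash on it
            continue
        if not url.path.endswith("/view_payslip.php"):
            continue
        # parse_qs percent-decodes values and returns every repeated "id".
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("id", []):
            # fullmatch rejects trailing newlines that "$" would let through.
            if not VALID_ID.fullmatch(value):
                findings.append((m.group("ip"), int(m.group("status")), value))
    return findings


# Constructed sample log lines (not from any real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jul/2024:10:00:01 +0000] "GET /payroll/view_payslip.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jul/2024:10:00:09 +0000] "GET /payroll/view_payslip.php?id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48211',
    '198.51.100.7 - - [01/Jul/2024:10:00:12 +0000] "GET /payroll/view_payslip.php?id=3&id=x%20UNION HTTP/1.1" 500 310',
    '203.0.113.5 - - [01/Jul/2024:10:00:20 +0000] "GET /payroll/index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_payslip_requests(SAMPLE_LOG):
        print(f"{ip} status={status} id={value!r}")
```

A flagged request that returned status 200 with an unusually large response is the one to triage first, since it may indicate data was returned.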
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published