SQL Injection in code-projects Employee Record System 1.0
CVE-2025-4743
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 16 May 2025
Badges
What is CVE-2025-4743?
A vulnerability has been discovered in code-projects Employee Record System 1.0, allowing attackers to exploit an unknown functionality in the /dashboard/getData.php file. This vulnerability permits SQL injection through manipulation of the 'keywords' argument, enabling remote attackers to execute unauthorized SQL commands. As the exploit has been disclosed publicly, it heightens the urgency for users to implement security measures to protect against potential attacks.
Affected Version(s)
Employee Record System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved