PT-2025-4072 · Unknown · 1000 Projects Employee Task Management System

Onupset

Publicado

2025-01-30

Atualizado

2025-01-30

CVE-2025-0847

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions 1000 Projects Employee Task Management System version 1.0

Description A critical issue affects the Login component of the system, specifically the file /index.php. The manipulation of the email argument leads to sql injection. This issue can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations 1000 Projects Employee Task Management System version 1.0: Update the /index.php file to properly sanitize the email argument and prevent sql injection.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-0847

Produtos afetados

1000 Projects Employee Task Management System

PT-2025-4072 · Unknown · 1000 Projects Employee Task Management System

CVE-2025-0847

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12