Code Projects · Code-Projects Payroll Management System · CVE-2025-3039
**Name of the Vulnerable Software and Affected Versions**
code-projects Payroll Management System version 1.0
**Description**
A critical issue has been found, allowing for SQL injection through the manipulation of the `lname` and `fname` arguments in an unknown function of the file "/add employee.php" API endpoint. This can be exploited remotely.
**Recommendations**
For code-projects Payroll Management System version 1.0, as a temporary workaround, consider restricting the input for the `lname` and `fname` parameters in the "/add employee.php" API endpoint to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.