PT-2021-24187 · Unknown · Phpgurukul Employee Record Management System
Published: 2021-12-13 · Updated: 2023-09-25 · CVE-2021-44966
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
PHPGURUKUL Employee Record Management System version 1.2
Description:
The issue allows an attacker to bypass authentication via SQL injection in the index.php file, potentially granting access to an admin account. This could enable the attacker to destroy, change, or manipulate sensitive information on the system.
Recommendations:
For PHPGURUKUL Employee Record Management System version 1.2, consider disabling access to the index.php file until a patch is available to prevent SQL injection attacks. Restrict access to sensitive information and admin accounts to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Affected Products
Phpgurukul Employee Record Management System