PT-2022-11980 · Unknown · Sourcecodester Attendance/Payroll System
Yvvdwf
·
Published
2022-03-17
·
Updated
2022-03-24
·
CVE-2021-44088
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sourcecodester Attendance and Payroll System version 1.0
Description
A remote attacker can bypass authentication in the system due to an SQL Injection issue. This is possible because the login parameters are not properly sanitized, allowing for unauthorized access.
Recommendations
For Sourcecodester Attendance and Payroll System version 1.0, consider sanitizing the login parameters to prevent SQL injection attacks. As a temporary workaround, restrict access to the login functionality until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Attendance/Payroll System