CVE-2023-1845

Name of the Vulnerable Software and Affected Versions SourceCodester Online Payroll System version 1.0

Description A critical issue was found in the SourceCodester Online Payroll System, affecting an unknown part of the file /admin/employee row.php. The manipulation of the id argument leads to SQL injection. It is possible to initiate the attack remotely. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. The API endpoint "/admin/employee row.php" is affected, with the id argument being vulnerable to SQL injection.

Recommendations For SourceCodester Online Payroll System version 1.0, consider disabling access to the "/admin/employee row.php" endpoint until a patch is available. Restrict the use of the id argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.