PT-2024-16830 · Sourcecodester · Sourcecodester Best Employee Management System
Physicszq · Published 2024-11-14 · Updated 2024-11-19
CVE-2024-11212
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester Best Employee Management System version 1.0
SourceCodester 442035.0
Description
A critical issue has been found in the software, affecting an unknown function of the file /admin/fetch product details.php. Manipulation of the barcode argument leads to SQL injection. The attack may be launched remotely.
Recommendations
For SourceCodester Best Employee Management System version 1.0, update to the latest release to mitigate risks.
For SourceCodester 442035.0, update to the latest version immediately to mitigate risks.
As a temporary workaround, consider validating all input to the /admin/fetch product details.php endpoint, specifically the barcode parameter, until a patch is available.
Avoid using the barcode parameter in the affected API endpoint until the issue is resolved.
Exploit
Fix
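An added illustration of the bug class and of the interim workaround the advisory recommends, written in PHP (the language of SourceCodester applications). It is not the project's code: the table and column names, the mysqli connection details, the request method and the barcode format are all assumptions.

```php
<?php
// Added illustration, not the project's source. Assumed: a mysqli connection
// and a 'products' table with a 'barcode' column (placeholders, not from the advisory).

// Shape of the bug class the advisory describes: a request parameter is spliced
// straight into the SQL text, so its content can change the query's structure.
function fetchProductDetailsUnsafe(mysqli $db, string $barcode): ?array
{
    $sql = "SELECT id, name, price FROM products WHERE barcode = '" . $barcode . "'";
    $result = $db->query($sql);
    if (!($result instanceof mysqli_result)) {
        return null;
    }
    return $result->fetch_assoc() ?: null;
}

// Hardened form: allow-list validation of the barcode parameter (the advisory's
// interim workaround) plus a prepared statement, so the value is always bound
// as data and can never alter the query.
function fetchProductDetailsSafe(mysqli $db, string $barcode): ?array
{
    // Assumed barcode format: 8 to 14 digits (EAN/UPC style); reject anything else.
    if (!preg_match('/^[0-9]{8,14}$/', $barcode)) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, name, price FROM products WHERE barcode = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $barcode);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Handler: read the parameter the advisory names (GET is an assumption) and use
// only the safe path; credentials below are placeholders.
$db = new mysqli('localhost', 'app_user', 'placeholder_password', 'employee_db');
$barcode = $_GET['barcode'] ?? '';
$row = fetchProductDetailsSafe($db, $barcode);
header('Content-Type: application/json');
if ($row === null) {
    http_response_code(400);
    echo json_encode(['error' => 'invalid barcode or no such product']);
} else {
    echo json_encode($row);
}
```

Validation alone narrows the input but does not remove the injection; the prepared statement is what closes it, so keep both even after the vendor patch.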
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Sourcecodester 442035.0
Sourcecodester Best Employee Management System