PT-2024-20422 · Unknown · Employee Management System
Published
2024-02-08
·
Updated
2024-04-24
·
CVE-2024-24497
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Employee Management System version 1.0
Description
The issue allows a remote attacker to execute arbitrary SQL commands via the
txtusername and txtpassword parameters in the "login.php" component. This enables the attacker to manipulate the database, potentially leading to unauthorized access or data modification.Recommendations
For Employee Management System version 1.0, consider disabling the login functionality until a patch is available, or restrict access to the "login.php" component to minimize the risk of exploitation. Avoid using the
txtusername and txtpassword parameters in the affected component until the issue is resolved.Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Employee Management System