PT-2024-20424 · Unknown · Employee Management System
Published 2024-02-08 · Updated 2024-04-24 · CVE-2024-24499
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Employee Management System version 1.0
Description
The issue allows a remote attacker to execute arbitrary SQL commands via the txtfullname and txtphone parameters in the "edit profile.php" component.
Recommendations
For Employee Management System version 1.0, consider restricting access to the edit profile.php component until a patch is available. As a temporary workaround, avoid using the txtfullname and txtphone parameters in the affected component to minimize the risk of exploitation.
Exploit
Related Identifiers
Affected Products
Employee Management System