PT-2025-4071 · Unknown · 1000 Projects Employee Task Management System
Onupset
·
Published
2025-01-30
·
Updated
2025-02-04
·
CVE-2025-0846
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
1000 Projects Employee Task Management System version 1.0
Description
A critical issue affects the /admin/AdminLogin.php file, where the manipulation of the
email argument leads to sql injection. This issue can be initiated remotely. The exploit has been disclosed to the public and may be used.Recommendations
1000 Projects Employee Task Management System version 1.0: Update the /admin/AdminLogin.php file to properly sanitize the
email argument and prevent sql injection.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
1000 Projects Employee Task Management System