PT-2025-4072 · Unknown · 1000 Projects Employee Task Management System
Onupset
·
Published
2025-01-30
·
Updated
2025-01-30
·
CVE-2025-0847
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
1000 Projects Employee Task Management System version 1.0
Description
A critical issue affects the Login component of the system, specifically the file /index.php. The manipulation of the
email argument leads to sql injection. This issue can be initiated remotely. The exploit has been disclosed to the public and may be used.Recommendations
1000 Projects Employee Task Management System version 1.0: Update the /index.php file to properly sanitize the
email argument and prevent sql injection.Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
1000 Projects Employee Task Management System