SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.
References
Configurations
History
21 Nov 2024, 06:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/PHPGURUKUL/ANUJ%20KUMAR/Employee-Record-Management-System-SQL-Injection-Bypass-Authentication - Exploit, Third Party Advisory |
25 Sep 2023, 16:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Phpgurukul
Phpgurukul employee Record Management System |
|
CPE | cpe:2.3:a:phpgurukul:employee_record_management_system:1.2:*:*:*:*:*:*:* |
Information
Published : 2021-12-13 15:15
Updated : 2024-11-21 06:31
NVD link : CVE-2021-44966
Mitre link : CVE-2021-44966
CVE.ORG link : CVE-2021-44966
JSON object : View
Products Affected
phpgurukul
- employee_record_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')