Online Leave Management System Project - Online Leave Management System CVE

Filtered by vendor Online Leave Management System Project Subscribe

Filtered by product Online Leave Management System

Total 12 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-45009	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	N/A	7.2 HIGH
Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-45008	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	N/A	4.8 MEDIUM
Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module.
CVE-2022-43179	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	N/A	7.2 HIGH
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=.
CVE-2022-41379	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	N/A	7.2 HIGH
An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-41355	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	N/A	7.2 HIGH
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department.
CVE-2022-40928	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	N/A	7.2 HIGH
Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application.
CVE-2022-40927	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	N/A	7.2 HIGH
Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation.
CVE-2022-40926	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	N/A	7.2 HIGH
Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type.
CVE-2022-38304	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	N/A	7.2 HIGH
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php.
CVE-2022-38303	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	N/A	7.2 HIGH
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php.
CVE-2022-38302	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	N/A	7.2 HIGH
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php.
CVE-2021-40595	1 Online Leave Management System Project	1 Online Leave Management System	2024-11-21	7.5 HIGH	9.8 CRITICAL
SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php.

Vulnerabilities (CVE)