Primary

Context

Mayuri K Employee Management System SQL Injection Vulnerability in Update_User.php

Vulnerability

A critical SQL injection vulnerability has been identified in the Mayuri K Employee Management System, affecting versions up to 192.168.70.3. The issue arises in the file '/hr_soft/admin/Update_User.php', where the 'id' parameter can be manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely, potentially allowing attackers to access or modify sensitive database information.

Impact

Exploitation of this vulnerability allows for blind SQL injection, where attackers can execute SQL commands that could lead to unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, send a POST request to '/hr_soft/admin/Update_User.php' with an injected payload in the 'id' parameter. The injection can be crafted to exploit SQL query handling, such as using 'RLIKE' with a 'CASE' statement to verify the injection's success.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mayuri K Employee Management System SQL Injection Vulnerability in Update_User.php

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating