Primary

Context

Code-Projects Simple Leave Manager SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Code-Projects Simple Leave Manager version 1.0. The issue resides in the file '/request.php', where the 'staff_id' parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, without any authentication.

Impact

Exploitation of this vulnerability allows attackers to inject SQL queries, potentially leading to unauthorized database access, data modification or deletion, and exposure of sensitive information.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'request.php' with the 'staff_id' parameter. The injection payload can be crafted to exploit the SQL injection vulnerability, such as by using a time-based blind SQL injection technique that leverages the SQL 'SLEEP' function.

Remediation

No specific remediation measures are known for this vulnerability.

Added: Dec 8, 2025, 8:22 AM

Updated: Dec 8, 2025, 8:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Code-Projects Simple Leave Manager SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating