SourceCodester Best Employee Management System Authorization Bypass Vulnerability

Vulnerability

An authorization bypass vulnerability has been identified in SourceCodester Best Employee Management System version 1.0. The issue arises in the file /admin/salary_slip.php, where improper handling of the 'id' argument allows for unauthorized access. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for unauthorized access to the salary slip management functionality, potentially leading to unauthorized viewing or manipulation of salary data.

Reproduction

To reproduce this vulnerability, send a POST request to /admin/salary_slip.php with the 'id' parameter set to a valid value. This request can be made using a tool like Postman or through a simple script that automates the process.
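
As an added illustration of the bug class described above (hypothetical PHP, not the project's own code; the table, session fields and column names are assumptions), the first function shows an endpoint that serves a record for whatever 'id' is POSTed without checking who is asking, and the second shows the same lookup with the authentication, authorization and input checks that close the bypass:

```php
<?php
// Hypothetical illustration of an authorization bypass on an admin
// endpoint: the record keyed by the POSTed 'id' is returned to any caller.

// --- Vulnerable pattern: no authentication or authorization check ---
function salary_slip_vulnerable(PDO $db): ?array
{
    $id = $_POST['id'] ?? '';
    // Anyone who can reach the URL and supply an id gets the record.
    $stmt = $db->prepare('SELECT * FROM salary_slip WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// --- Hardened pattern: authenticate, authorize, validate, then fetch ---
function salary_slip_hardened(PDO $db): ?array
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // 1. Authentication: a logged-in session must exist
    //    ('user_id' and 'role' session keys are assumed names).
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        return null;
    }
    // 2. Authorization: only the admin role may use an /admin/ endpoint.
    if (($_SESSION['role'] ?? '') !== 'admin') {
        http_response_code(403);
        return null;
    }
    // 3. Input validation: 'id' must be a positive integer.
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        http_response_code(400);
        return null;
    }
    // 4. Parameterised lookup, unchanged from the vulnerable version;
    //    the fix is the checks above, not the query.
    $stmt = $db->prepare('SELECT * FROM salary_slip WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        http_response_code(404);
        return null;
    }
    return $row;
}
```

The same server-side checks must run on every admin page, since a check present in the menu page but absent from a directly requestable file like salary_slip.php is exactly the gap an authorization bypass exploits.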

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
  spread          0.3
  impact          5.0
  exploitability  9.1
  remediation     0.0
  relevance       0.0
  threat          6.4
  urgency         2.9
  incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.