Code-Projects Payroll Management System SQL Injection Vulnerability in update_employee.php

Vulnerability

A critical SQL injection vulnerability has been identified in the Payroll Management System version 1.0, developed by Code-Projects. The issue arises in the file update_employee.php, where the emp_type argument can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, and there is a possibility that other parameters may also be affected.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

3.1

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

3.1

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Code-Projects Payroll Management System SQL Injection Vulnerability in update_employee.php

Vulnerability

Impact

Affected Products

code-projects Payroll Management System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating