Code-Projects Payroll Management System SQL Injection Vulnerability in Update Account File

Vulnerability

A critical SQL injection vulnerability has been identified in the Payroll Management System by Code-Projects, version 1.0. The issue resides in the 'update_account.php' file, where the value of the 'deduction' parameter is placed into a SQL statement without validation or parameterization, so anyone who controls that parameter can alter the query the application runs. The vulnerability can be exploited remotely, and other parameters handled by the same file may be affected in the same way.

Impact

Exploitation of this vulnerability allows an attacker to execute arbitrary SQL statements with the privileges of the database account used by the application, which could lead to unauthorized reading or modification of payroll data in the application's database.

Reproduction

To reproduce this vulnerability, send a POST request to 'update_account.php' with a 'deduction' parameter whose value carries SQL syntax rather than a plain numeric deduction. Because the application builds its query from this value without sanitizing it, the injected fragment is executed as part of that query; a changed number of affected rows, a database error in the response, or a delayed response (for a time-based payload) confirms the injection.
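As an added illustration, not code from the Code-Projects project (the real update_account.php is not reproduced on this page), the following PHP shows the unsafe pattern the advisory describes next to a hardened version that validates the value and binds it through a prepared statement. The table and column names, the 'id' parameter, and the mysqli connection handle $conn are assumptions.

```php
<?php
// Added illustration; not the project's own code. Table/column names,
// the 'id' parameter and the mysqli handle $conn are assumptions.

// Vulnerable pattern: the POST value is concatenated into the SQL text,
// so a 'deduction' such as "0 OR 1=1" or "0; DROP TABLE employee" is
// parsed as SQL instead of being treated as a number.
function update_deduction_vulnerable(mysqli $conn, array $post): bool
{
    $deduction = $post['deduction'] ?? '';
    $id        = $post['id'] ?? '';
    $sql = "UPDATE employee SET deduction = " . $deduction
         . " WHERE id = " . $id;
    return $conn->query($sql) !== false;
}

// Hardened pattern: reject anything that is not a non-negative number,
// then bind the values as parameters so they can never become SQL syntax.
function update_deduction_safe(mysqli $conn, array $post): bool
{
    $deduction = filter_var($post['deduction'] ?? null, FILTER_VALIDATE_FLOAT);
    $id        = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($deduction === false || $id === false || $deduction < 0) {
        http_response_code(400);   // malformed input: do not touch the database
        return false;
    }

    $stmt = $conn->prepare("UPDATE employee SET deduction = ? WHERE id = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param("di", $deduction, $id);   // d = double, i = integer
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
```

Usage follows the handler shape of the original file: after opening the connection, call update_deduction_safe($conn, $_POST) instead of building the statement by hand. The type check alone is not the fix; the prepared statement is what stops the database from interpreting the parameter as SQL, and the validation simply rejects bad input before it gets that far.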

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.