Code-Projects Human Resource Integrated System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Code-Projects Human Resource Integrated System version 1.0. The issue resides in the login_timeee.php file, where the emp_id parameter is not properly sanitized before being used in SQL queries. This flaw allows for remote exploitation of the application.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a GET request to login_timeee.php with a crafted emp_id parameter that exploits the SQL injection flaw. The absence of input validation allows for SQL injection payloads to be executed, manipulating the SQL query processing.