CVE-2024-2554
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
17/03/2024
Last modified:
06/03/2025
Description
A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257053 was assigned to this vulnerability.
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oretnom23:employee_task_management_system:1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp
- https://vuldb.com/?ctiid_257053=
- https://vuldb.com/?id_257053=
- https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp
- https://vuldb.com/?ctiid_257053=
- https://vuldb.com/?id_257053=