CVE-2022-2723— Employee Management System SQL注入漏洞

SourceCodester Employee Management System eprocess.php sql injection

A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205836.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Employee Management System SQL注入漏洞

SourceCodester Employee Management System是SourceCodester的一个基于php的用于员工绩效管理的建站系统。 Employee Management System存在SQL注入漏洞，该漏洞源于文件/process/eprocess.php的未知函数受到影响，对参数mailuid/pwd的操作会导致sql注入。攻击可以远程发起，该漏洞利用已向公众披露并可能被使用。

N/A

N/A