Submission #666326: itsourcecode Leave Management System in PHP v1 SQL Injection

Title: itsourcecode Leave Management System in PHP v1 SQL Injection
Description: The password reset endpoint is vulnerable to unauthenticated SQL injection. The backend concatenates the employid parameter into WHERE EMPLOYID=... without quotes, allowing conditions like 0 OR 1=1 to evaluate as true for all rows. An attacker can mass-reset all employee passwords to an arbitrary value and take over accounts. Severity: Critical; impact: organization-wide account compromise.
Source: https://github.com/romatdibrohiksnov/vulndb.com/tree/main/itsourcecode%20leave%20management%20system%20Bulk%20Password%20Reset%20SQL%20Injection
User: px_kanten (UID 90960)
Submitted: 2025-10-01 11:07 (9 months ago)
Moderated: 2025-10-07 15:01 (6 days later)
Status: Accepted
VulDB entry: 327369 [itsourcecode Leave Management System 1.0 /reset.php employid SQL injection]
Points: 20
