| Title | https://www.sourcecodester.com/users/walterjnr1 https://www.sourcecodester.com/php/16999/employee-management-system.html v1.0 Authenticated SQL Injection in edit_profile.php |
|---|
| Description | An authenticated SQL injection vulnerability was found in the function called "edit_profile.php" during some tests carried out on the Employee Management System application.
With this vulnerability, any authenticated user can make a dump of all databases, being able to access password, email, telephone, etc. |
|---|
| Source | ⚠️ https://www.youtube.com/watch?v=1yesMwvWcL4 |
|---|
| User | mtzsec (UID 52162) |
|---|
| Submission | 01/24/2024 03:33 (2 years ago) |
|---|
| Moderation | 01/29/2024 08:15 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 252276 [SourceCodester Employee Management System 1.0 edit_profile.php txtfullname sql injection] |
|---|
| Points | 15 |
|---|