Vulnerabilities > Sherlock

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2024-25212 SQL Injection vulnerability in Sherlock Employee Management System 1.0
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php.
network
low complexity
sherlock CWE-89
7.2
7.2
2024-02-14 CVE-2024-25213 SQL Injection vulnerability in Sherlock Employee Management System 1.0
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.
network
low complexity
sherlock CWE-89
7.2
7.2
2024-02-14 CVE-2024-25214 SQL Injection vulnerability in Sherlock Employee Management System 1.0
An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html.
network
low complexity
sherlock CWE-89
critical
 9.8
9.8
2024-02-14 CVE-2024-25215 SQL Injection vulnerability in Sherlock Employee Management System 1.0
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.
network
low complexity
sherlock CWE-89
critical
 9.8
9.8
2024-02-14 CVE-2024-25216 SQL Injection vulnerability in Sherlock Employee Management System 1.0
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.
network
low complexity
sherlock CWE-89
critical
 9.8
9.8
2024-01-13 CVE-2024-0503 Cross-site Scripting vulnerability in Sherlock Online FIR System 1.0
A vulnerability was found in code-projects Online FIR System 1.0.
network
low complexity
sherlock CWE-79
6.1
6.1
2023-08-09 CVE-2023-37068 SQL Injection vulnerability in Sherlock GYM Management System 1.0
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation.
network
low complexity
sherlock CWE-89
critical
 9.8
9.8