Vulnerabilities > Sherlock > Employee Management System > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2024-25216 SQL Injection vulnerability in Sherlock Employee Management System 1.0
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.
network
low complexity
sherlock CWE-89
critical
 9.8
9.8
2024-02-14 CVE-2024-25215 SQL Injection vulnerability in Sherlock Employee Management System 1.0
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.
network
low complexity
sherlock CWE-89
critical
 9.8
9.8
2024-02-14 CVE-2024-25214 SQL Injection vulnerability in Sherlock Employee Management System 1.0
An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html.
network
low complexity
sherlock CWE-89
critical
 9.8
9.8