CVE-2024-24499 Information

Feb 09, 2024 cve

Description

SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtfullname and txtphone parameters in the edit_profile.php component.

Reference

https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/EmployeeManagementSystem-SQL_Injection_Admin_Update_Profile.md

Share on: