Sherlock Employee Management System — known CVE vulnerabilities
Every CVE whose affected-product data names Sherlock Employee Management System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-25214 — CVSS 9.8 (critical): An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and…
CVE-2024-25215 — CVSS 9.8 (critical): Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.
CVE-2024-25216 — CVSS 9.8 (critical): Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.
CVE-2024-25212 — CVSS 7.2 (high): Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php.
CVE-2024-25213 — CVSS 7.2 (high): Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.