PatchSiren

code-projects CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW code-projects CVE published 2026-05-25

CVE-2026-9450

A SQL injection vulnerability exists in code-projects Employee Management System 1.0, specifically in the /psubmit.php file via the pid parameter. The vulnerability allows remote attackers to manipulate database queries. The CVSS 4.0 vector indicates a network attack vector, low attack complexity, low privileges required, and no user interaction needed. The vulnerability has been publicly disclosed with [truncated]

LOW code-projects CVE published 2026-05-25

CVE-2026-9449

A SQL injection vulnerability exists in code-projects Employee Management System 1.0, affecting the /changepassemp.php file. The vulnerability allows remote attackers to manipulate SQL queries through unspecified input parameters. The CVSS 4.0 score of 2.1 reflects low severity, with a network attack vector, low attack complexity, and privileges required. The vulnerability was published on May 25, 2026, with [truncated]

LOW code-projects CVE published 2026-05-25

CVE-2026-9418

A cross-site scripting (XSS) vulnerability exists in code-projects Employee Management System 1.0, specifically within the /changepassemp.php file. The vulnerability stems from improper handling of the ID parameter, allowing remote attackers to inject malicious scripts. The CVSS 4.0 vector indicates a network attack vector, low attack complexity, and no required privileges, but requires user interaction, with p [truncated]