Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities by employee_payslip_generator_system_project

    CVE-2023-1796 (GCVE-0-2023-1796)

    Vulnerability from nvd – Published: 2023-04-02 09:00 – Updated: 2024-11-22 21:49
    VLAI
    Title
    SourceCodester Employee Payslip Generator Create News cross site scripting
    Summary
    A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224748.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.224748 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.224748 signaturepermissions-required
    https://github.com/Jean-Astruc/bug_report/blob/ma… exploit
    Impacted products
    Credits
    Jean_Astruc (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:25.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.224748"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.224748"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/Jean-Astruc/bug_report/blob/main/XSS-1.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1796",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T21:48:58.629901Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T21:49:09.156Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Create News Handler"
              ],
              "product": "Employee Payslip Generator",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "Jean_Astruc (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argument name with the input \u003cscript\u003ealert(document.cookie)\u003c/script\u003e leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224748."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in SourceCodester Employee Payslip Generator 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /classes/Master.php?f=save_position der Komponente Create News Handler. Durch das Manipulieren des Arguments name mit der Eingabe \u003cscript\u003ealert(document.cookie)\u003c/script\u003e mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-21T14:33:08.580Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.224748"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.224748"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Jean-Astruc/bug_report/blob/main/XSS-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-02T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-02T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-02T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-04-21T14:07:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Employee Payslip Generator Create News cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1796",
        "datePublished": "2023-04-02T09:00:06.561Z",
        "dateReserved": "2023-04-02T07:15:32.761Z",
        "dateUpdated": "2024-11-22T21:49:09.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1360 (GCVE-0-2023-1360)

    Vulnerability from nvd – Published: 2023-03-12 08:31 – Updated: 2025-02-27 19:16
    VLAI
    Title
    SourceCodester Employee Payslip Generator with Sending Mail New User Creation sql injection
    Summary
    A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.222863 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.222863 signaturepermissions-required
    https://blog.0xgabe.com/?p=90 exploit
    Impacted products
    Credits
    Gab3 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:49:10.335Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.222863"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.222863"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://blog.0xgabe.com/?p=90"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T19:16:30.807908Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T19:16:38.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "New User Creation"
              ],
              "product": "Employee Payslip Generator with Sending Mail",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "Gab3 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei classes/Users.php?f=save der Komponente New User Creation. Durch die Manipulation des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-21T08:19:35.952Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.222863"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.222863"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://blog.0xgabe.com/?p=90"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-03-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-03-12T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-03-12T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-04-04T14:42:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Employee Payslip Generator with Sending Mail New User Creation sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1360",
        "datePublished": "2023-03-12T08:31:02.981Z",
        "dateReserved": "2023-03-12T07:16:34.132Z",
        "dateUpdated": "2025-02-27T19:16:38.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1796 (GCVE-0-2023-1796)

    Vulnerability from cvelistv5 – Published: 2023-04-02 09:00 – Updated: 2024-11-22 21:49
    VLAI
    Title
    SourceCodester Employee Payslip Generator Create News cross site scripting
    Summary
    A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224748.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.224748 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.224748 signaturepermissions-required
    https://github.com/Jean-Astruc/bug_report/blob/ma… exploit
    Impacted products
    Credits
    Jean_Astruc (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:25.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.224748"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.224748"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/Jean-Astruc/bug_report/blob/main/XSS-1.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1796",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T21:48:58.629901Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-22T21:49:09.156Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Create News Handler"
              ],
              "product": "Employee Payslip Generator",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "Jean_Astruc (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argument name with the input \u003cscript\u003ealert(document.cookie)\u003c/script\u003e leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224748."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in SourceCodester Employee Payslip Generator 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /classes/Master.php?f=save_position der Komponente Create News Handler. Durch das Manipulieren des Arguments name mit der Eingabe \u003cscript\u003ealert(document.cookie)\u003c/script\u003e mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-21T14:33:08.580Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.224748"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.224748"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Jean-Astruc/bug_report/blob/main/XSS-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-02T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-04-02T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-04-02T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-04-21T14:07:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Employee Payslip Generator Create News cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1796",
        "datePublished": "2023-04-02T09:00:06.561Z",
        "dateReserved": "2023-04-02T07:15:32.761Z",
        "dateUpdated": "2024-11-22T21:49:09.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1360 (GCVE-0-2023-1360)

    Vulnerability from cvelistv5 – Published: 2023-03-12 08:31 – Updated: 2025-02-27 19:16
    VLAI
    Title
    SourceCodester Employee Payslip Generator with Sending Mail New User Creation sql injection
    Summary
    A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.222863 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.222863 signaturepermissions-required
    https://blog.0xgabe.com/?p=90 exploit
    Impacted products
    Credits
    Gab3 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:49:10.335Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.222863"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.222863"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://blog.0xgabe.com/?p=90"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T19:16:30.807908Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T19:16:38.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "New User Creation"
              ],
              "product": "Employee Payslip Generator with Sending Mail",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "Gab3 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei classes/Users.php?f=save der Komponente New User Creation. Durch die Manipulation des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-21T08:19:35.952Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.222863"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.222863"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://blog.0xgabe.com/?p=90"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-03-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-03-12T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-03-12T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-04-04T14:42:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Employee Payslip Generator with Sending Mail New User Creation sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-1360",
        "datePublished": "2023-03-12T08:31:02.981Z",
        "dateReserved": "2023-03-12T07:16:34.132Z",
        "dateUpdated": "2025-02-27T19:16:38.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }