vendor:
Employee Management System
by:
Ankita Pal
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Employee Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:employee_management_system
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Windows 10 + xampp v3.2.4
2020
Employee Management System 1.0 – Authentication Bypass
An attacker can bypass authentication by using the payload anki' or 1=1# for both username and password in the login page of the application.
Mitigation:
Implement strong authentication mechanisms and use secure password policies.
