code-projects Employee Management System approve.php sql injection

A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Problem type

Affected products

code-projects

Employee Management System

1.0 - AFFECTED

References

VDB-359717 | code-projects Employee Management System approve.php sql injection

https://vuldb.com/vuln/359717

vdb-entrytechnical-description

VDB-359717 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/359717/cti

signaturepermissions-required

Submit #800855 | EMPLOYEE_MANAGEMENT_SYSTEM v1.0 SQL Injection

https://vuldb.com/submit/800855

third-party-advisory

github.com

https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul9.md

exploit

code-projects.org

https://code-projects.org/

product

GitHub Security Advisories

GHSA-wr6p-rqxc-pv7q

A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an...

https://github.com/advisories/GHSA-wr6p-rqxc-pv7q

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-7117

code-projects.org

https://code-projects.org

github.com

https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul9.md

vuldb.com

https://vuldb.com/submit/800855

vuldb.com

https://vuldb.com/vuln/359717

vuldb.com

https://vuldb.com/vuln/359717/cti

github.com

https://github.com/advisories/GHSA-wr6p-rqxc-pv7q

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7117

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7117",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-04-27T11:00:14.584Z",
    "dateReserved": "2026-04-26T16:01:11.933Z",
    "datePublished": "2026-04-27T11:00:14.584Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-04-27T11:00:14.584Z"
      },
      "title": "code-projects Employee Management System approve.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks."
        }
      ],
      "affected": [
        {
          "vendor": "code-projects",
          "product": "Employee Management System",
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/359717",
          "name": "VDB-359717 | code-projects Employee Management System approve.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/359717/cti",
          "name": "VDB-359717 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/800855",
          "name": "Submit #800855 | EMPLOYEE_MANAGEMENT_SYSTEM v1.0 SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul9.md",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://code-projects.org/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 6.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-04-26T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-04-26T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-04-26T18:07:22.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}