A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salary_rate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 14 May 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Fabian
Fabian payroll Management System
CPEs cpe:2.3:a:fabian:payroll_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Fabian
Fabian payroll Management System

Tue, 01 Apr 2025 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salary_rate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title code-projects Payroll Management System view_account.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-04-01T03:56:05.842Z

Reserved: 2025-03-31T11:37:46.395Z

Link: CVE-2025-3038

cve-icon Vulnrichment

Updated: 2025-04-01T03:56:01.861Z

cve-icon NVD

Status : Analyzed

Published: 2025-03-31T23:15:29.787

Modified: 2025-05-14T16:27:03.513

Link: CVE-2025-3038

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.