CVE-2023-44481 HIGH

CVE-2023-44481: Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi)

Vendor Projectworlds Pvt. Limited
Product Leave Management System Project
Weakness CWE-89 · SQLi
Published December 21, 2023
Last update September 12, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

Key dates

02Disclosure timeline

December 21, 2023 CVE published
September 12, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-37256 WordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability CVE-2026-8125 code-projects Simple Chat System sendMessage.php sql injection CVE-2024-27889 Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). CVE-2020-36539 Lógico y Creativo sql injection CVE-2026-0592 code-projects Online Product Reservation System User Registration register_code.php sql injection