CVE-2026-37347
SQL Injection in SourceCodester Payroll's view_employee.php
Publication date: 2026-04-16
Last updated on: 2026-04-16
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcecodester | payroll_management_and_information_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in SourceCodester Payroll Management and Information System v1.0 is an SQL Injection found in the file /payroll/view_employee.php.
SQL Injection is a security flaw that allows an attacker to interfere with the queries that an application makes to its database. This can enable the attacker to view, modify, or delete data they should not have access to.
How can this vulnerability impact me? :
This SQL Injection vulnerability can allow an attacker to access sensitive employee data stored in the payroll system.
Potential impacts include unauthorized data disclosure, data modification, or deletion, which can disrupt payroll operations and compromise employee privacy.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a SQL Injection in the SourceCodester Payroll Management and Information System v1.0, which can lead to unauthorized access or manipulation of sensitive employee data.
Such unauthorized access or data breaches can result in non-compliance with data protection regulations like GDPR and HIPAA, which require the protection of personal and sensitive information.
Therefore, this vulnerability poses a significant risk to compliance with these standards by potentially exposing confidential payroll and employee information.