CVE-2026-9450
Deferred Deferred - Pending Action
SQL Injection in Employee Management System 1.0

Publication date: 2026-05-25

Last updated on: 2026-05-25

Assigner: VulDB

Description
A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-25
Last Modified
2026-05-25
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-9450
EUVD
EUVD-2026-31667
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
code-projects employee_management_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability is a SQL injection in the Employee Management System that can be exploited remotely. Such vulnerabilities can lead to unauthorized access or manipulation of sensitive employee data.

This type of security flaw may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.

However, specific details on how this vulnerability affects compliance with these regulations are not provided in the available information.

Executive Summary

This vulnerability is a security flaw in the code-projects Employee Management System version 1.0, specifically in an unknown function within the file /psubmit.php. It involves the manipulation of the argument 'pid' which leads to a SQL injection vulnerability. This means an attacker can inject malicious SQL code through the 'pid' parameter.

The attack can be launched remotely, and an exploit for this vulnerability has already been publicly released, making it easier for attackers to exploit this flaw.

Impact Analysis

This vulnerability can allow an attacker to perform SQL injection attacks remotely on the affected Employee Management System. Such attacks can lead to unauthorized access to the database, data leakage, data modification, or even deletion of data.

Because the exploit is publicly available, the risk of exploitation is higher, potentially compromising the confidentiality, integrity, and availability of the system's data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9450. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart