CVE-2021-43451
Vendor
Software
Description:
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php, /admin/, and loginerms.php. The attacker can retrieve all sensitive information from this CRITICAL vulnerability of this system.
- URL parameters for these vulnerabilitis
1.1. http://192.168.1.135/Employee-Record-Management-System-Project/erms/admin/
1.2. http://192.168.1.135/Employee-Record-Management-System-Project/erms/forgetpassword.php
1.3. http://192.168.1.135/Employee-Record-Management-System-Project/erms/loginerms.php
