Skip to content
CVSS 7.3 · HIGH

CVE-2026-7063

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Ver en NVD

Análisis

This is a SQL injection vulnerability in a small, likely educational or low-volume project from code-projects. The vendor typically provides source code for student projects and simple scripts rather than production-grade enterprise software. Given its niche deployment scale, it does not meet the criteria for community-wide alerts.

Severidad

Puntaje: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Tipo de falla (CWE): CWE-74CWE-89

EPSS

Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 11.7%
EPSS: 2026-05-06

Descripción técnica

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Publicada: 26/4/2026, 23:16:21
Última modificación: 29/4/2026, 1:00:01

Referencias

InicioEventosBlogRecursosEquipo