CVE-2020-35427

CRITICAL

Phpgurukul Employee Record Management System - SQL Injection

Title source: rule

Description

SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

Exploits (1)

exploitdb WORKING POC

by Anurag Kumar · textwebappsmultiple

https://www.exploit-db.com/exploits/49165

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://phpgurukul.com/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49165

Scores

CVSS v3 9.8

EPSS 0.0112

EPSS Percentile 78.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

phpgurukul/employee_record_management_system 1.1

Published Jul 20, 2021

Tracked Since Feb 18, 2026