CVE-2021-42169

CRITICAL

Simple Payroll System With Dynamic Tax Bracket - SQL Injection

Description

The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by oretnom23) is vulnerable to a remote SQL injection that bypasses authentication for the admin account. The `username` parameter of the login form is not properly protected, and no escaping is applied to malicious payloads.

Exploits (1)

exploitdb WORKING POC
by Yash Mahajan · text · webapps · php
https://www.exploit-db.com/exploits/50403

Scores

CVSS v3 9.8
EPSS 0.0021
EPSS Percentile 43.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
simple_payroll_system_with_dynamic_tax_bracket_project/simple_payroll_system_with_dynamic_tax_bracket 1.0
Published Oct 22, 2021
Tracked Since Feb 18, 2026