CVE-2021-42169

CRITICAL

Simple Payroll System with Dynamic Tax Bracket - SQL Injection via Login Username Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-42169. PoCs published by Yash Mahajan.

AI-analyzed exploit summary: This exploit demonstrates an SQL injection vulnerability in Simple Payroll System 1.0, allowing authentication bypass by injecting a malicious payload into the username field. The payload manipulates the SQL query to return true, granting unauthorized access.

Description

The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23) is vulnerable to remote SQL injection that bypasses authentication for the admin account. The username parameter from the login form is not protected correctly, and there is no protection against, or escaping of, malicious payloads.

Exploits (1)

exploitdb WORKING POC
by Yash Mahajan · text · webapps · php
https://www.exploit-db.com/exploits/50403

Classification: Working PoC 100%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Simple Payroll System 1.0
No auth needed
Prerequisites: Access to the login page of the target application
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50403

Scores

CVSS v3: 9.8
EPSS: 0.0274
EPSS Percentile: 84.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1): simple_payroll_system_with_dynamic_tax_bracket_project/simple_payroll_system_with_dynamic_tax_bracket 1.0
Published: Oct 22, 2021
Tracked Since: Feb 18, 2026