CVE-2021-43451

CRITICAL

PHPGURUKUL Employee Record Management System 1.2 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-43451. PoCs published by Anubhav Singh.

AI-analyzed exploit summary This is a writeup describing an SQL injection vulnerability in Employee Record Management System 1.2 via the 'empid' parameter in the forgetpassword.php endpoint. It provides steps to reproduce using Burp Suite and sqlmap for database enumeration.

Description

SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.

Exploits (1)

exploitdb WRITEUP
by Anubhav Singh · textwebappsphp
https://www.exploit-db.com/exploits/50467

This is a writeup describing an SQL injection vulnerability in Employee Record Management System 1.2 via the 'empid' parameter in the forgetpassword.php endpoint. It provides steps to reproduce using Burp Suite and sqlmap for database enumeration.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Employee Record Management System 1.2
No auth needed
Prerequisites: Access to the target application · Burp Suite or similar intercepting proxy · sqlmap
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50467
Exploit, Third Party Advisory x_refsource_misc
https://www.nu11secur1ty.com/2021/12/cve-2021-43451.html

Scores

CVSS v3 9.8
EPSS 0.0215
EPSS Percentile 79.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
phpgurukul/employee_record_management_system 1.2
Published Dec 01, 2021
Tracked Since Feb 18, 2026