CVE-2021-44966

CRITICAL

PHPGURUKUL Employee Record Management System 1.2 - SQL Injection Bypass Authentication via index.php

Title source: llm

Description

SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/PHPGURUKUL/ANUJ%20KUMAR/Employee-Record-Management-System-SQL-Injection-Bypass-Authentication

Scores

CVSS v3 9.8

EPSS 0.0030

EPSS Percentile 53.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

phpgurukul/employee_record_management_system 1.2

Published Dec 13, 2021

Tracked Since Feb 18, 2026