CVE-2021-44966

CRITICAL

PHPGURUKUL Employee Record Management System 1.2 - SQL Injection Bypass Authentication via index.php

Title source: llm
STIX 2.1

Description

SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.

Scores

CVSS v3 9.8
EPSS 0.0208
EPSS Percentile 79.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
phpgurukul/employee_record_management_system 1.2
Published Dec 13, 2021
Tracked Since Feb 18, 2026