CVE-2023-0641
LOWPHPGurukul Employee Leaves Management System 1.0 - Weak Password Re...
Title source: llmDescription
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability.
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.220021
Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.220021
Exploit, Third Party Advisory exploit
https://github.com/ctflearner/Vulnerability/blob/main/Employee%20Leaves%20Management%20System/ELMS.md
Scores
CVSS v3
3.7
EPSS
0.0100
EPSS Percentile
58.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-521
Status
published
Products (1)
employee_leaves_management_system_project/employee_leaves_management_system
1.0
Published
Feb 02, 2023
Tracked Since
Feb 18, 2026