CVE-2026-3752

MEDIUM

SourceCodester Employee Task Management System <1.0 - SQL Injection

Title source: llm

Description

A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

References (5)

[Exploit, Third Party Advisory] https://github.com/meifukun/Web-Security-PoCs/blob/main/Employee-Task-Management-System/SQLi-DailyTaskReport-date.md

View Exploit ZIP pw:eip

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349730

[Permissions Required, VDB Entry] https://vuldb.com/?id.349730

[Permissions Required, VDB Entry] https://vuldb.com/?submit.768035

[Various Sources] https://www.sourcecodester.com/

Scores

CVSS v3 4.7

EPSS 0.0003

EPSS Percentile 7.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-89 CWE-74

Status published

Affected Products (1)

oretnom23/employee_task_management_system

Timeline

Published Mar 08, 2026

Tracked Since Mar 09, 2026