HIGHCVE-2026-4223CVSS 7.3

itsourcecode Payroll Management System manage_employee.php sql injection

Platform

php

Component

cve_submit

Fixed in

1.0.1

AI Confidence: highNVDEPSS 0.0%

View on NVD

Save

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureHigh

Reports1 threat report

EPSS

0.03% (8% percentile)

CISA SSVC

Exploitationpoc

Automatableyes

Technical Impact

Affected Software

Componentcve_submit

Vendoritsourcecode

Affected rangeFixed in

1.0 – 1.01.0.1

Weakness Classification (CWE)

CWE-89 CWE-74

Timeline

Reserved2026-03-15
Published2026-03-16
EPSS updated2026-03-23

Unpatched — 69 days since disclosure

How to fix

Actualizar el sistema Payroll Management System a una versión parcheada que solucione la vulnerabilidad de inyección SQL. Si no hay una versión disponible, se recomienda deshabilitar o eliminar el sistema hasta que se publique una actualización segura. Además, se deben revisar y limpiar las entradas del usuario para prevenir futuros ataques de inyección SQL.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.