CVE-2026-9450

6.3 MEDIUM

A security flaw has been discovered in code-projects Employee Management System 1.0

Published: 2026-05-25 · Last updated: 2026-05-26

Severity and scoring

CVSS: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74, CWE-89

Description

A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-9450
[Other]https://code-projects.org/
[Other]https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul22.md
[Other]https://vuldb.com/submit/813706
[Other]https://vuldb.com/vuln/365431
[Other]https://vuldb.com/vuln/365431/cti

Related CVEs

Same CWE

CVE-2026-52715 — Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions (9.3 CRITICAL)
CVE-2026-52712 — Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions (7.6 HIGH)
CVE-2026-49772 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events C... (9.3 CRITICAL)
CVE-2026-39581 — Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions (8.5 HIGH)
CVE-2026-39574 — Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions (9.3 CRITICAL)