DNA View

CVE-2026-37346

Medium

Low Medium High Critical

4.7

CVSS Score

Published: Apr 16, 2026

Last Modified: Apr 17, 2026

CWE: CWE-89

Vulnerability Description

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

https://github.com/mt-0505/cve-report/blob/main/sourcecodester/payroll-management-and-information-system/SQL-1.md
cve@mitre.org

Severity Details

4.7

out of 10.0

Medium

Weakness Type (CWE)

CWE-89 Top 25 #3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a…
Exploit Likelihood: High
Typical Severity: High
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base

View CWE Details on MITRE

Key Information

Published Date: April 16, 2026

External Resources

NIST NVD

National Vulnerability Database

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages