Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2026-37347
Critical
Low
Medium
High
Critical
9.1
CVSS Score
Vulnerability Description
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
N
Severity Details
9.1
out of 10.0
Critical
Weakness Type (CWE)
CWE-89
Top 25 #3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- Description
- The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a…
- Exploit Likelihood
- High
- Typical Severity
- High
- OWASP Top 10
- A03:2021-Injection
- Abstraction Level
- Base
Key Information
- Published Date
- April 16, 2026
