CVE-2026-9450

MEDIUM NVD

CVSS Score 6.3

Severity MEDIUM

Published May 25, 2026

Vendor unknown

Description

A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

References

https://code-projects.org/
https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul22.md
https://vuldb.com/submit/813706
https://vuldb.com/vuln/365431
https://vuldb.com/vuln/365431/cti