itsourcecode Payroll Management System 1.0: Remote SQL Injection Risk
CVE-2026-5238
Summary
A vulnerability in itsourcecode Payroll Management System 1.0 allows attackers to inject malicious SQL code, potentially stealing sensitive employee data. The injection happens when a malicious user manipulates the ID argument handled by /view_employee.php, and it can be carried out remotely. To protect your data, update to the latest version of the software or consider migrating to a more secure alternative.
Original title
A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /view_employee.php of the component Parameter Handler....
Original description
A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /view_employee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to SQL injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
NVD CVSS 2.0: 7.5
NVD CVSS 3.1: 7.3
NVD CVSS 4.0: 6.9
Vulnerability type
CWE-74: Injection
CWE-89: SQL Injection
Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026