CVE-2026-7117

CVE Database · CVE-2026-7117

CVE-2026-7117

· MEDIUMDeferred

CVSS v3.1

6.3

CVSS v4.0

2.1

EPSS

0.19%

Published

Apr 27, 2026

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-74CWE-89

References (6)

https://code-projects.org/

https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul9.md

https://vuldb.com/submit/800855

https://vuldb.com/vuln/359717

https://vuldb.com/vuln/359717/cti

https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul9.md

KEV Catalog EPSS Scores Vendors All CVEs