CVE-2025-2985: code-projects Payroll Management System update_account.php sql injection
First published: Mon Mar 31 2025(Updated: )
A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. This affects an unknown part of the file update_account.php. The manipulation of the argument deduction leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Payroll Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2985?
CVE-2025-2985 is classified as a critical severity vulnerability.
How does CVE-2025-2985 affect the Payroll Management System?
CVE-2025-2985 allows for SQL injection through the manipulation of the deduction argument in the update_account.php file.
Can CVE-2025-2985 be exploited remotely?
Yes, CVE-2025-2985 can be exploited remotely.
What should I do to fix CVE-2025-2985?
To fix CVE-2025-2985, validate and sanitize inputs in the update_account.php file to prevent SQL injection.
Which software versions are affected by CVE-2025-2985?
CVE-2025-2985 affects version 1.0 of the Payroll Management System.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/code-projects
- canonical/payroll management system