A vulnerability classified as critical has been found in Employee Managment System 1.0. This affects an unknown part of the file /aprocess.php. The manipulation of the argument pwd leads to sql injection.
This vulnerability is uniquely identified as CVE-2024-25215. The attack needs to be approached within the local network. There is no exploit available.