Which versions of Employee Management System are affected by CVE-2026-7063?

Code-Projects Employee Management System 1.0 contains an unauthenticated SQL injection vulnerability in the password reset function that allows remote attackers to directly access, modify, or delete…

Is there a public PoC exploit available for CVE-2026-7063?

Yes, a public proof-of-concept exploit is available for CVE-2026-7063. Prioritise patching immediately. EPSS: 0.0%.

Employee Management System CVE-2026-7063

Q: What is the CVSS score of CVE-2026-7063?

CVE-2026-7063 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

MEDIUM

SQL Injection (CWE-89)

2026-04-26 VulDB

PHP SQLi

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Severity Changed

Apr 26, 2026 - 23:22 NVD

HIGH MEDIUM

CVSS changed

Apr 26, 2026 - 23:22 NVD

7.3 (HIGH) 6.9 (MEDIUM)

Analysis Generated

Apr 26, 2026 - 23:15 vuln.today

Analysis Generated

Apr 26, 2026 - 22:45 vuln.today

CVE Published

Apr 26, 2026 - 22:30 nvd

MEDIUM 5.5

DescriptionNVD

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

AnalysisAI

SQL injection in code-projects Employee Management System 1.0 allows remote unauthenticated attackers to extract, modify, or delete database contents via the pwd parameter in /370project/process/eprocess.php. CVSS 7.3 (High) with network vector and no prerequisites. …

RemediationAI

Within 24 hours: identify all systems running Code-Projects Employee Management System 1.0 and isolate affected instances from production networks; document all database access logs from the /370project/process/eprocess.php endpoint. Within 7 days: implement network-level access controls (WAF rules blocking SQL injection patterns to the pwd parameter; restrict access to /370project/process/ to authorized personnel only) and apply input validation patches if vendor releases them. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7063 vulnerability details – vuln.today

Back

Employee Management System CVE-2026-7063

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Employee Management System CVE-2026-7063

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code