CVE-2025-1160

MEDIUM Year: 2025
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-1392
View all →

Vulnerability Description

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument username/password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2023-30603

CRITICAL
CVSS:9.8(Critical)

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remot...

CWE-13922023

CVE-2023-30801

CRITICAL
CVSS:9.8(Critical)

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, thi...

CWE-13922023

CVE-2023-3703

CRITICAL
CVSS:9.8(Critical)

Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials

CWE-13922023

CVE-2023-40704

MEDIUM
CVSS:9.8(Critical)

The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An ...

CWE-13922023

CVE-2023-49621

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An...

CWE-13922023

CVE-2024-12286

CRITICAL
CVSS:9.8(Critical)

MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.

CWE-13922024