Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component

Description

Affected Products

Vendor	Product	Versions
phpgurukul	employee_leave_management_system	—

References

https://github.com/r-pradyun/CVE-2025-67315(Exploit, Third Party Advisory)
https://phpgurukul.com/employee-leaves-management-system-elms/(Product)

CVSS 3.15.4 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

CWECWE-352

PublishedJan 5, 2026

Last enriched3d ago

Trending Score0

Source articles0

Independent0

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component

Description

Affected Products

References

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline