CVE-2026-37347
SourceCodester · Payroll Management and Information System
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL injection via the 'view_employee.php' file.
Executive summary
A critical SQL injection vulnerability in the Payroll Management and Information System allows unauthenticated attackers to execute unauthorized database queries.
Vulnerability
The application does not validate or parameterize the request input that 'view_employee.php' uses in its database query, allowing SQL injection. An unauthenticated attacker can manipulate the query to extract or modify sensitive payroll and employee data.
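To make the defect class concrete, the following is an added example (not code from the advisory or from the SourceCodester project) that contrasts the injectable pattern with its hardened form. It uses an in-memory SQLite table with constructed sample rows; the table and column names and the assumption that the lookup key is an integer `id` parameter are illustrative, since the advisory does not publish the exact query in view_employee.php.

```python
import sqlite3

# Constructed sample data: a tiny stand-in for the application's employee table.
# The table name, columns and integer `id` lookup key are assumptions made for
# this example, not details taken from the advisory or the real code base.
SAMPLE_EMPLOYEES = [
    (1, "Alice Example", "Finance", 5200.00),
    (2, "Bob Example", "Engineering", 6100.00),
    (3, "Carol Example", "HR", 4800.00),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary REAL)"
    )
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", SAMPLE_EMPLOYEES)
    conn.commit()
    return conn


def view_employee_vulnerable(conn: sqlite3.Connection, employee_id: str) -> list:
    """The injectable pattern: request input is concatenated straight into SQL.

    This mirrors the class of defect described for view_employee.php; the real
    query is not known from the advisory, so the statement here is illustrative.
    """
    sql = "SELECT id, name, dept, salary FROM employees WHERE id = " + employee_id
    return conn.execute(sql).fetchall()


def view_employee_fixed(conn: sqlite3.Connection, employee_id: str) -> list:
    """The hardened form: validate the expected type, then bind a parameter."""
    if not employee_id.isdigit():
        # Reject anything that is not a plain integer id before it reaches the DB.
        return []
    sql = "SELECT id, name, dept, salary FROM employees WHERE id = ?"
    return conn.execute(sql, (int(employee_id),)).fetchall()


def demo() -> dict:
    """Run a benign lookup and a tautology payload through both versions."""
    conn = build_db()
    benign = "2"
    # Classic tautology: the predicate becomes `id = 0 OR 1=1`, matching every row.
    injected = "0 OR 1=1"
    results = {
        "benign_vulnerable": view_employee_vulnerable(conn, benign),
        "injected_vulnerable": view_employee_vulnerable(conn, injected),
        "benign_fixed": view_employee_fixed(conn, benign),
        "injected_fixed": view_employee_fixed(conn, injected),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {len(rows)} row(s) -> {rows}")
```

The vulnerable function returns the whole table for the tautology input, while the fixed version returns exactly one row for a valid id and nothing for the payload. In the PHP original the equivalent fix is a prepared statement (mysqli or PDO with bound parameters) rather than escaping or "sanitizing" the string, because parameter binding keeps data out of the query's syntax entirely.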
Business impact
With a CVSS score of 9.1, this vulnerability poses a significant risk to sensitive employee and financial information. A successful exploit could lead to a data breach, regulatory non-compliance, and loss of organizational trust.
Remediation
Immediate Action: Update to a version of the Payroll Management and Information System that addresses this issue, if the vendor has published one; until then, treat the application as exposed and rely on the compensating controls below.
Proactive Monitoring: Audit database logs for unusual query patterns (tautologies such as OR 1=1, UNION SELECT, comment sequences, SLEEP or BENCHMARK calls, reads of information_schema) and web server logs for requests to view_employee.php with unexpected parameter values; monitor for unauthorized access to employee data tables.
Compensating Controls: Deploy a WAF to block common SQL injection payloads, keeping in mind that a WAF only raises the cost of exploitation and does not remove the flaw, and run the application under a database account limited to the tables and statements it needs (no FILE, DROP or administrative privileges) so a successful injection cannot reach beyond the application's own data.
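As an added example of the monitoring step (not part of the original advisory), the script below parses lines written in the style of MySQL's general query log and flags statements carrying common injection indicators, grouping hits by connection thread so a session that probes repeatedly stands out. The log lines are constructed for this example, the `employees` table name is an assumption, and the indicator patterns are heuristics that should be tuned against the application's real query shapes to keep false positives down.

```python
import re
from collections import Counter

# Constructed sample lines in the style of MySQL's general query log
# (timestamp, thread id, command, argument). Made up for this example; they
# are not real logs from the affected application.
SAMPLE_LOG = """\
2026-03-01T09:12:01.000000Z\t   41 Query\tSELECT * FROM employees WHERE id = 7
2026-03-01T09:12:05.000000Z\t   41 Query\tSELECT * FROM employees WHERE id = 0 OR 1=1
2026-03-01T09:12:09.000000Z\t   42 Query\tSELECT * FROM employees WHERE id = -1 UNION SELECT 1,user(),database(),4
2026-03-01T09:12:13.000000Z\t   42 Query\tSELECT * FROM employees WHERE id = 1 AND SLEEP(5)
2026-03-01T09:12:20.000000Z\t   43 Query\tSELECT name FROM employees WHERE id = 12
2026-03-01T09:12:25.000000Z\t   43 Query\tSELECT table_name FROM information_schema.tables
"""

# One general-log record: timestamp, thread id, command type, argument text.
LOG_LINE = re.compile(r"^(?P<ts>\S+)\t\s*(?P<thread>\d+) (?P<cmd>\w+)\t(?P<arg>.*)$")

# Heuristic indicators of injected SQL. The tautology pattern uses a
# backreference so it only matches `OR 1=1` / `AND 'a'='a'` style predicates,
# not legitimate comparisons like `AND active = 1`.
INDICATORS = {
    "tautology": re.compile(r"\b(?:or|and)\s+(\d+|'[^']*')\s*=\s*\1\b", re.I),
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I),
    "time_based": re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I),
    "schema_probe": re.compile(r"\binformation_schema\b", re.I),
    "comment_terminator": re.compile(r"--\s|/\*"),
}


def parse_general_log(text: str) -> list:
    """Return the Query records from general-log text as dicts."""
    entries = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m and m.group("cmd") == "Query":
            entries.append(m.groupdict())
    return entries


def flag_suspicious(entries: list) -> list:
    """Attach the names of every indicator that fires against each statement."""
    findings = []
    for e in entries:
        hits = [name for name, rx in INDICATORS.items() if rx.search(e["arg"])]
        if hits:
            findings.append(
                {"ts": e["ts"], "thread": e["thread"], "indicators": hits, "sql": e["arg"]}
            )
    return findings


def hits_per_thread(findings: list) -> dict:
    """Count findings by connection thread; repeated hits suggest active probing."""
    return dict(Counter(f["thread"] for f in findings))


def scan(text: str = SAMPLE_LOG) -> dict:
    """Parse, flag and summarise a log; returns findings and the per-thread tally."""
    findings = flag_suspicious(parse_general_log(text))
    return {"findings": findings, "per_thread": hits_per_thread(findings)}


if __name__ == "__main__":
    report = scan()
    for f in report["findings"]:
        print(f'{f["ts"]} thread={f["thread"]} {",".join(f["indicators"])}: {f["sql"]}')
    print("hits per thread:", report["per_thread"])
```

Run against the general log (or the audit-plugin output) of the database behind the payroll application; the thread tally is what turns a single noisy match into an incident lead, since an attacker enumerating the schema behind view_employee.php produces several flagged statements from one connection in a short window.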
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
The sensitivity of the data handled by this system makes this vulnerability particularly dangerous. Administrators must prioritize patching to prevent the theft of sensitive payroll information.