A vulnerability, which was classified as critical , was found in code-projects Employee Management System 1.0 . Affected is an unknown function of the file /psubmit.php . The manipulation of the argument pid results in sql injection. This vulnerability is known as CVE-2026-9450 . It is possible to launch the attack remotely. Furthermore, an exploit is available.