SQL Injection Vulnerability in Sourcecodester Human Resource Management System
CVE-2024-34220

7.5HIGH

Key Information:

Vendor: Sourcecodester
Status: Human Resource Management System
Vendor: CVE Published:; 14 May 2024

Summary

The Sourcecodester Human Resource Management System 1.0 has a vulnerability that exposes it to SQL injection attacks through the 'leave' parameter. This flaw can be exploited by attackers to execute arbitrary SQL code, potentially leading to unauthorized access to the database, data leaks, and manipulation of sensitive information. Organizations using this software should be aware of the risks associated with this vulnerability and take appropriate measures to mitigate them.

References

https://github.com/dovankha/CVE-2024-34220

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024