SQL Injection Vulnerability in Sourcecodester Human Resource Management System
CVE-2024-34222

5.9MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Human Resource Management System
Vendor: CVE Published:; 14 May 2024

Summary

The Sourcecodester Human Resource Management System version 1.0 is susceptible to SQL Injection attacks through the 'searccountry' parameter. This vulnerability allows attackers to manipulate SQL queries by injecting malicious code, potentially leading to unauthorized access to sensitive database information, data manipulation, or even full system compromise. Proper security measures should be implemented to sanitize user inputs and ensure the integrity of the database.

References

https://github.com/dovankha/CVE-2024-34222

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024