Insecure Permission Vulnerability in SourceCodester Human Resource Management System
CVE-2024-34223
4.3 MEDIUM
What is CVE-2024-34223?
The SourceCodester Human Resource Management System 1.0 contains a vulnerability within the leave request handling functionality located at /hrm/leaverequest.php. This flaw enables individuals without proper authorization to manipulate leave tickets by approving or rejecting them, fundamentally undermining the integrity of the leave management process. Organizations using this system could face significant risks including unauthorized actions by users who should not have such permissions, leading to potential abuses of leave requests and disruptions in workforce management.
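The missing control is a server-side authorization check before a leave ticket changes state. The following is an added example, not code from the SourceCodester project: a deny-by-default guard for an approve/reject handler. The session keys (`user_id`, `role`), the role names and the POST field names (`leave_id`, `decision`) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical guard for a leave approve/reject handler. Session keys, role
// names and POST field names are assumptions, not SourceCodester's own code.

const APPROVER_ROLES = ['admin', 'hr_manager'];  // assumed role names
const DECISIONS      = ['approve', 'reject'];    // assumed field values

/** Returns [httpStatus, reason]; only 200 allows the ticket to change. */
function check_leave_decision(array $session, array $post): array
{
    $uid  = $session['user_id'] ?? null;
    $role = $session['role'] ?? null;
    if (!is_int($uid)) {
        return [401, 'not logged in'];
    }
    // Deny by default: the role comes from the server-side session, never
    // from a request parameter or from the UI hiding the approve button.
    if (!is_string($role) || !in_array($role, APPROVER_ROLES, true)) {
        // Log denials so repeated attempts show up in monitoring.
        error_log("leave decision denied: user_id=$uid");
        return [403, 'role may not decide leave requests'];
    }
    $id       = $post['leave_id'] ?? null;
    $decision = $post['decision'] ?? null;
    if (!is_string($id) || !ctype_digit($id)
        || !in_array($decision, DECISIONS, true)) {
        return [400, 'malformed request'];
    }
    return [200, 'ok'];
}

// Constructed sample requests, not captured traffic.
$post  = ['leave_id' => '17', 'decision' => 'approve'];
$cases = [
    'anonymous'  => [],
    'employee'   => ['user_id' => 8, 'role' => 'employee'],
    'hr_manager' => ['user_id' => 2, 'role' => 'hr_manager'],
];
foreach ($cases as $name => $session) {
    [$status, $reason] = check_leave_decision($session, $post);
    printf("%-10s -> %d %s\n", $name, $status, $reason);
}
```

In a real handler the check runs before any database update, and the returned status is sent with `http_response_code()` so that a denied request never reaches the code that modifies the ticket.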