Insecure Permission Vulnerability in SourceCodester Human Resource Management System
CVE-2024-34223
4.3 MEDIUM
Summary
SourceCodester Human Resource Management System 1.0 contains an insecure permission vulnerability in the leave request handling functionality at /hrm/leaverequest.php. The flaw lets individuals without proper authorization approve or reject leave tickets, undermining the integrity of the leave management process. Organizations using this system risk unauthorized actions by users who should not have such permissions, which can lead to abuse of leave requests and disruption of workforce management.
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published