SQL Injection Vulnerability in Human Resource Management System
CVE-2024-35469

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Human Resource Management System
Vendor: CVE Published:; 30 May 2024

Summary

A vulnerability has been identified in the SourceCodester Human Resource Management System 1.0 that allows for arbitrary SQL command execution through the password parameter in the /hrm/user/ endpoint. Exploiting this vulnerability enables attackers to manipulate the database in unauthorized ways, potentially compromising sensitive user data and gaining access to administrative functionalities. It is crucial for users and administrators of this system to implement security measures to mitigate the risks associated with this vulnerability.

References

https://www.sourcecodester.com/php/15740/human-resource-m...

https://github.com/dovankha/CVE-2024-35469

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 30, 2024