Insecure Direct Object Reference in SourceCodester Human Resource Management
CVE-2026-10624

5.3 MEDIUM

Key Information:

Vendor
CVE Published: 2 June 2026

What is CVE-2026-10624?

SourceCodester Human Resource Management 1.0 contains an insecure direct object reference in the Employee View Page functionality, specifically in the file detailview.php. Manipulating the 'employeeid' argument leads to improper control of resource identifiers. The attack can be carried out remotely and exposes the application to unauthorized access and potential data leakage. The exploit has been made public, which increases the urgency for affected users to address this security risk.

Affected Version(s)

Human Resource Management 1.0

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

r4sh7n (VulDB User)