CVE-2025-40682

🗓️ 29 Jul 2025 12:10:56Reported by INCIBEType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 24 Views🌐 WEB

SQL injection in Human Resource Management System 1.0 allows database manipulation via ccity.php endpoint

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-40682	29 Jul 202512:41	–	circl
CNNVD	Human Resource Management System SQL注入漏洞	29 Jul 202500:00	–	cnnvd
Cvelist	CVE-2025-40682 SQL injection vulnerability in Human Resource Management System	29 Jul 202512:10	–	cvelist
EUVD	EUVD-2025-22994	3 Oct 202520:07	–	euvd
NVD	CVE-2025-40682	29 Jul 202513:15	–	nvd
OSV	CVE-2025-40682	29 Jul 202513:15	–	osv
Positive Technologies	PT-2025-31191 · Unknown · Human Resource Management System	29 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-40682	31 Jul 202513:49	–	redhatcve
Vulnrichment	CVE-2025-40682 SQL injection vulnerability in Human Resource Management System	29 Jul 202512:10	–	vulnrichment

NVD

Vulners

Node

oretnom23 human_resource_management_systemMatch1.0

[
  {
    "defaultStatus": "unaffected",
    "product": "Human Resource Management System",
    "vendor": "Human Resource Management System",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

Source	Link
incibe	www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-human-resource-management-system

Parameter	Position	Path	Description	CWE
city	query param	/controller/ccity.php	SQL injection vulnerability in Human Resource Management System version 1.0 allows attacker to retrieve, create, update and delete databases via the city and state parameters in /controller/ccity.php.	CWE-89
state	query param	/controller/ccity.php	SQL injection vulnerability in Human Resource Management System version 1.0 allows attacker to retrieve, create, update and delete databases via the city and state parameters in /controller/ccity.php.	CWE-89

17 Jun 2026 09:21Current

7.5High risk

Vulners AI Score7.5

CVSS 3.19.8

CVSS 48.7

EPSS0.00277

SSVC

CWE-89