22 matches found
CVE-2023-49171
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS. This issue affects Innovs HR – Complete Human Resource Management System for Your Business: fr...
CVE-2025-13421
A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function of the file /src/store/NoticeStore.php. Such manipulation of the argument noticeDesc leads to sql injection. The attack can be launched remotely. The exploit has been...
EUVD-2022-42844
Malicious code in bioql PyPI...
CVE-2025-9743 code-projects Human Resource Integrated System login_attendance2.php sql injection
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. Impacted is an unknown function of the file login_attendance2.php. Performing manipulation of the argument employeeid/date results in sql injection. The attack can be initiated remotely. The exploit has been...
Sage DPW Security Vulnerability
Sage DPW is an HR system from Sage UK. A security vulnerability exists in versions prior to Sage DPW 202412000, which stems from input fields not being filtered for script content and can lead to cross-site scripting attacks...
CVE-2024-34221
CVE-2024-34221 affects Sourcecodester Human Resource Management System 1.0. The issue is described as an insecure permissions bug that can lead to privilege escalation. CVSS v3.1 metrics show a HIGH impact (C/H/I/A) with network attack vector, low attack complexity, and privileges required at LOW...
CVE-2024-34222
CVE-2024-34222 affects Sourcecodester Human Resource Management System 1.0, where an SQL Injection flaw resides in the searccountry parameter. The vulnerability is described as a local, low-complexity issue with low confidentiality, integrity, and availability impact (CVSS 3.1: AV:L/AC:L/PR:N/UI:...
PT-2024-15587 · Unknown · Code-Projects Human Resource Integrated System
Name of the Vulnerable Software and Affected Versions: code-projects Human Resource Integrated System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file /admin route/inc service credits.php. The manipulation of the id argument leads to SQ...
SQL Injection Vulnerability in Human Resource Information Management System of Beijing Hongjing Century Software Company Limited (CNVD-2023-68143)
Beijing Hongjing Century Software Co., Ltd. is a professional e-HR vendor in China. A SQL injection vulnerability exists in the human resources information management system of Beijing Hongjing Century Software Company Limited, which can be exploited by an attacker to obtain sensitive information...
Preventing Insider Attacks on Your HR System
By Owais Sultan. An insider threat has emerged as one of the most significant threats to all types of businesses and organizations. This is a post from HackRead.com. Read the original post: Preventing Insider Attacks on Your HR System...
CVE-2022-3497
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to laun...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site...
CVE-2022-3470
A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2022-3471
A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to sql injection. The attack can be launched remotely...
CVE-2022-3493 SourceCodester Human Resource Management System Add Employee cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site...
CVE-2022-3473 SourceCodester Human Resource Management System getstatecity.php sql injection
A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
Human Resource Information System 1.0 Authentication Bypass / Account Creation Exploit
Exploit Title: Human Resource Information System 1.0 - Create Admin Account Unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14714/human-resource-information-using-phpmysqliobject-orientedcomplete-free-sourcecode.html Version: 1.0 Tested on: windows...
Soar Cloud System SQL Injection Vulnerability
Soar Cloud System is an HR system solution developed by Soar. The Soar Cloud System HR portal suffers from a SQL injection vulnerability that stems from not filtering SQL injection statements, which allows a remote attacker to inject SQL syntax and obtain all data in the database without...
CVE-2017-14848
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employeeid parameter...
Ultimate HR System <= 1.2 - Directory Traversal / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: HRM - Workable Zone : Ultimate HR System Last Name Other vulnerable fields include: First Name, Contact Number Unauthenticated Directory Traversal: http://localhost.com/download?type=document&filename=../../../../../etc/passwd...