18 matches found
EUVD-2024-34700
Malicious code in bioql PyPI...
CVE-2023-3391
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to SQL injection. The attack can be initiated remotely. The...
CVE-2024-35469
A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter...
CVE-2024-35468
CVE-2024-35468 affects SourceCodester Human Resource Management System v1.0. A SQL injection flaw exists in the /hrm/index.php endpoint, exploitable through the password parameter to execute arbitrary SQL commands. Root cause: improper handling/sanitization of input to the SQL query in that API p...
CVE-2024-34221
Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation...
CVE-2024-34220
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter...
CVE-2024-34223
Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allows attackers to approve or reject leave ticket...
CVE-2024-34220
CVE-2024-34220 affects Sourcecodester Human Resource Management System 1.0 and is described as a SQL Injection via the 'leave' parameter. Public PoC/exploit code exists (e.g., on GitHub), showing parameterized input being unsafely handled and allowing sleep-based timing tricks. Red Hat/PT-Securit...
SQL injection
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to SQL injection. The attack can be initiated remotely. The...
CVE-2022-4278
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to SQL injection. The attack may be initiated remotely. The...
CVE-2022-4279
A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely...
CVE-2022-4278
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to SQL injection. The attack may be initiated remotely. The...
CVE-2022-4273
A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to...
Out-of-bounds
A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to...
CVE-2022-4279 SourceCodester Human Resource Management System employeeview.php cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely...
CVE-2022-4278 SourceCodester Human Resource Management System employeeadd.php sql injection
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to SQL injection. The attack may be initiated remotely. The...
CVE-2022-4273 SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload
A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to...
Cross site scripting
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to laun...