7 matches found
CVE-2024-0469
CVE-2024-0469 affects code-projects’ Human Resource Integrated System 1.0. The vulnerability exists in the file update_personal_info.php where manipulating the parameter sex enables a SQL injection. This is a remotely exploitable issue, with public disclosure of the exploit. Several connected sou...
CVE-2024-0470
CVE-2024-0470 affects code-projects Human Resource Integrated System 1.0. The vulnerability is in the /admin_route/inc_service_credits.php component where manipulating the id argument enables SQL injection. Exploitation can be performed remotely; the exploit has been disclosed publicly. Multiple ...
CVE-2024-0471
CVE-2024-0471 affects code-projects Human Resource Integrated System 1.0 in the /admin_route/dec_service_credits.php file. The root cause is manipulation of the date parameter that enables SQL injection. This vulnerability has been described as critical and is exploitable remotely, with public di...
CVE-2025-9740
CVE-2025-9740 affects code-projects Human Resource Integrated System 1.0. The vulnerability is in /log_query.php where manipulation of the ID parameter enables SQL injection, with remote exploitation and public availability of the exploit. Multiple sources corroborate the issue across vendors and...
CVE-2025-9743
CVE-2025-9743 affects code-projects Human Resource Integrated System 1.0. The vulnerability is a SQL injection in the file login_attendance2.php, triggered by manipulating the arguments employee_id/date. It is exploitable remotely and an exploit has been publicly released, with multiple sources c...
CVE-2025-9742
CVE-2025-9742 affects code-projects' Human Resource Integrated System 1.0. The vulnerability arises from improper handling of the login.php input, where manipulation of the user/pass parameters enables SQL injection. Impact stated in sources includes potential remote exploitation and data exposur...
CVE-2025-9741
Summary: CVE-2025-9741 affects code-projects Human Resource Integrated System 1.0, specifically the /login_query12.php file. The issue is a SQL injection caused by lack of validation of the ID parameter in that file. An attacker can remotely exploit this vulnerability, and a public exploit exists...