29 matches found
CVE-2024-34221
CVE-2024-34221 affects Sourcecodester Human Resource Management System 1.0. The issue is described as an insecure permissions bug that can lead to privilege escalation. CVSS v3.1 metrics show a HIGH impact (C/H/I/A) with network attack vector, low attack complexity, and privileges required at LOW...
CVE-2024-35469
CVE-2024-35469 affects SourceCodester Human Resource Management System v1.0. A SQL injection occurs in the /hrm/user/ endpoint through the password parameter due to improper handling, enabling attackers to execute arbitrary SQL commands. Practical impact is high (as described in sources). Mitigat...
CVE-2024-35468
CVE-2024-35468 affects SourceCodester Human Resource Management System v1.0. A SQL injection flaw exists in the /hrm/index.php endpoint, exploitable through the password parameter to execute arbitrary SQL commands. Root cause: improper handling/sanitization of input to the SQL query in that API p...
CVE-2022-3502
CVE-2022-3502 affects Human Resource Management System (HRMS) version 1.0, specifically the Leave Handler component. The vulnerability arises from manipulation of the Reason argument, enabling cross-site scripting (XSS). The issue is exploitable remotely and the exploit has been disclosed publicl...
CVE-2024-34223
CVE-2024-34223 concerns an insecure permission vulnerability in the SourceCodester Human Resource Management System (HRS) v1.0, impacting the endpoint /hrm/leaverequest.php . The issue enables an attacker to approve or reject leave tickets due to improper access control. Affects the product and v...
CVE-2022-4273
CVE-2022-4273 concerns the SourceCodester Human Resource Management System 1.0. The vulnerability resides in the Content-Type Handler, specifically the /hrm/controller/employee.php file, where manipulation of the pfimg argument enables an unrestricted file upload. Exploitation can be remote and h...
CVE-2022-3471
CVE-2022-3471 affects SourceCodester Human Resource Management System; the city.php component’s searccity parameter is vulnerable to SQL injection. A remote attacker can exploit this vulnerability, and public PoCs/exploits are referenced in the records. Multiple connected sources confirm the issu...
CVE-2022-3496
CVE-2022-3496 concerns a vulnerability in SourceCodester Human Resource Management System 1.0, affecting the Admin Panel’s file employeeadd.php . The issue is described as an improper access control flaw that can be exploited remotely, with the attack vector labeled as network and low privileges ...
CVE-2022-43262
CVE-2022-43262 affects the Human Resource Management System v1.0, with a SQL injection vulnerability in the password parameter of /hrm/controller/login.php. The issue is documented across multiple sources (NVD entry and Red Hat, CNNVD, PRION, PT-PT...). The NVD entry lists an exploit path via the...
CVE-2022-3472
SourceCodester Human Resource Management System is affected by CVE-2022-3472 due to an SQL injection in the city.php component, triggered by manipulating the cityedit parameter. The issue is exploitable remotely and an exploit/PoC has been disclosed publicly. Affected versions are not specified i...
CVE-2022-3492
CVE-2022-3492 concerns SourceCodester Human Resource Management System 1.0, specifically the Profile Photo Handler component. The core issue is the manipulation of an argument parameter that enables an OS command injection, with a remote attack surface. Several connected sources reiterate the vul...
CVE-2022-3473
CVE-2022-3473 : In the SourceCodester Human Resource Management System, the vulnerability resides in the getstatecity.php component where manipulating the ci parameter results in an SQL injection . The issue is exploitable remotely and, per multiple sources, the exploit has been publicly disclose...
CVE-2022-4278
SourceCodester Human Resource Management System v1.0 contains a SQL injection vulnerability in /hrm/employeeadd.php via the empid parameter. The issue allows remote exploitation and impacts confidentiality, integrity, and availability as described across multiple sources. Remediation suggested in...
CVE-2022-3458
CVE-2022-3458 affects SourceCodester Human Resource Management System v1.0 in the Image File Handler, via an issue in /employeeview.php that enables unrestricted file upload. The vulnerability is exploitable remotely and is tied to an unknown function in the image handler component. Impact and te...
CVE-2023-3391
The issue is in SourceCodester Human Resource Management System 1.0, specifically in the file detailview.php where the parameter employeeid can be manipulated to perform SQL injection. The vulnerability can be exploited remotely, with exploits disclosed publicly. Root cause: unsafe handling of th...
CVE-2024-34222
CVE-2024-34222 affects Sourcecodester Human Resource Management System 1.0, where an SQL Injection flaw resides in the searccountry parameter. The vulnerability is described as a local, low-complexity issue with low confidentiality, integrity, and availability impact (CVSS 3.1: AV:L/AC:L/PR:N/UI:...
CVE-2022-43317
The CVE-2022-43317 entry describes a cross-site scripting (XSS) vulnerability in Human Resource Management System v1.0, specifically targeting the /hrm/index.php?msg endpoint. The underlying issue allows attackers to inject and execute arbitrary web scripts or HTML via a crafted payload. The cons...
CVE-2022-3470
CVE-2022-3470 affects the SourceCodester Human Resource Management System. Affected is an unknown function in the file getstatecity.php; manipulating the parameter sc triggers a SQL injection, enabling remote exploitation. Publicly disclosed exploits exist, with the vulnerability highlighted acro...
CVE-2022-43318
CVE-2022-43318 affects Human Resource Management System v1.0. A SQL injection vulnerability exists via the stateedit parameter on the /hrm/state.php endpoint. Affected component: the /hrm/state.php API handling of the stateedit input. Root cause: improper handling of user-supplied input enabling ...
CVE-2022-3493
CVE-2022-3493 affects SourceCodester Human Resource Management System 1.0, specifically the Add Employee Handler. The vulnerability arises from manipulating the First Name/Middle Name/Last Name inputs, enabling cross-site scripting. The issue can be triggered remotely and impacts confidentiality/...
CVE-2022-4279
CVE-2022-4279 affects SourceCodester Human Resource Management System 1.0. The vulnerability lies in /hrm/employeeview.php where manipulating the search parameter enables cross-site scripting (XSS). It can be exploited remotely and the public exploit is disclosed. Multiple connected sources confi...
CVE-2022-45218
CVE-2022-45218 affects the Home Resource Management System (HRMS) v1.0.0. The vulnerability is a Cross‑Site Scripting (XSS) flaw triggered by a crafted payload injected into an authentication error message. The issue is documented across multiple feeds (NVD/Red Hat/ CNNVD, etc.) with the same des...
CVE-2022-3497
CVE-2022-3497 affects SourceCodester Human Resource Management System 1.0 (Master List component). The vulnerability arises from manipulating the city/state/country/position parameters, enabling cross-site scripting. Exploitation is remote, but CVSS data indicate user interaction is required and ...
CVE-2024-34220
CVE-2024-34220 affects Sourcecodester Human Resource Management System 1.0 and is described as a SQL Injection via the 'leave' parameter. Public PoC/exploit code exists (e.g., on GitHub), showing parameterized input being unsafely handled and allowing sleep-based timing tricks. Red Hat/PT-Securit...
CVE-2025-40682
The CVE-2025-40682 entry concerns Human Resource Management System (version 1.0). The vulnerability is a SQL injection in the /controller/ccity.php endpoint, exploitable via the city and state parameters, enabling an attacker to retrieve, create, update, and delete databases. Root cause described...
CVE-2025-40683
CVE-2025-40683 is a reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System version 1.0. The issue resides in the searccity parameter of the /city.php endpoint, where input is reflected without proper sanitization, allowing an attacker to execute JavaScript in the v...
CVE-2025-40685
CVE-2025-40685 corresponds to a Reflected Cross-Site Scripting (XSS) flaw in Human Resource Management System (HRMS) v1.0. The vulnerability is triggered by supplying malicious input to the searcstate parameter in the /state.php endpoint, allowing an attacker to execute JavaScript in the victim’s...
CVE-2025-40686
CVE-2025-40686 affects Human Resource Management System v1.0. A reflected Cross-Site Scripting vulnerability exists in the /detailview.php page via the employeeid parameter, allowing injected JavaScript to run in a victim’s browser. Exploitation details are not provided in the CVE entry; related ...
CVE-2025-40684
The CVE-2025-40684 entry describes a Reflected XSS vulnerability in the Human Resource Management System (HRMS) version 1.0. The flaw allows an attacker to execute arbitrary JavaScript in a victim’s browser by supplying a crafted URL that targets the searccountry parameter in the /country.php end...