PT-2025-12416 · Code Projects · Code-Projects Human Resource Management System

Hnsjwaxxjsyxgs

Publicado

2025-03-21

Atualizado

2025-03-21

CVE-2025-2589

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Human Resource Management System version 1.0.1

Description A critical issue affects the function Index of the file handlerAccount.go. The manipulation of the argument user cookie leads to improper authorization. The exploit has been disclosed to the public and may be used.

Recommendations For code-projects Human Resource Management System version 1.0.1, consider disabling the function Index of the file handlerAccount.go or restricting the manipulation of the user cookie argument until a patch is available.

Exploit

Correção

Incorrect Privilege Assignment

Improper Authorization

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-266CWE-285CWE-862

Identificadores relacionados

CVE-2025-2589

Produtos afetados

Code-Projects Human Resource Management System

PT-2025-12416 · Code Projects · Code-Projects Human Resource Management System

CVE-2025-2589

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11