PT-2026-53205 · Codeastro · Human Resource Management System

Ashikmd7 · Published 2026-06-29 · Updated 2026-06-29 · CVE-2026-13535

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employee model.php of the component View Endpoint. Manipulating the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used.

Exploit

Fix

SQL injection

Special Elements Injection

Weakness Enumeration

Related identifiers

CVE-2026-13535

Affected products

Human Resource Management System