Emvee

**Name of the Vulnerable Software and Affected Versions** SourceCodester Human Resource Management System version 1.0 **Description** A SQL injection issue allows attackers to execute arbitrary SQL commands via the `password` parameter in the "/hrm/index.php" API endpoint. **Recommendations** For SourceCodester Human Resource Management System version 1.0, consider restricting access to the "/hrm/index.php" endpoint until a patch is available, and avoid using the `password` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Human Resource Management System version 1.0 **Description** A SQL injection issue allows attackers to execute arbitrary SQL commands via the `password` parameter in the `/hrm/user/` API endpoint. **Recommendations** For SourceCodester Human Resource Management System version 1.0, consider restricting access to the `/hrm/user/` endpoint until a patch is available, and avoid using the `password` parameter in this endpoint to minimize the risk of exploitation.