PT-2022-26572 · Sourcecodester · Sourcecodester Book Store Management System+1
Ngo Van Tu · Published 2022-12-03 · Updated 2024-01-25 · CVE-2022-4278
CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Human Resource Management System version 1.0
SourceCodester Book Store Management System version 1.0
Description
A critical issue affects the processing of the file /hrm/employeeadd.php, where the manipulation of the empid argument leads to SQL injection. The attack can be initiated remotely.
Recommendations
For SourceCodester Human Resource Management System version 1.0, consider disabling the /hrm/employeeadd.php file until a patch is available.
For SourceCodester Book Store Management System version 1.0, restrict access to the /hrm/employeeadd.php file to minimize the risk of exploitation.
Avoid using the empid argument in the affected file until the issue is resolved.
Exploit
Fix
Improper Neutralization
SQL injection
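The recommendations above call for disabling or restricting /hrm/employeeadd.php. The following added example (not part of the advisory or of SourceCodester's code) triages web access logs for requests that still reach that file. It assumes common/combined log format, that empid appears in the query string when it is logged, and that legitimate IDs are short alphanumeric tokens; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/hrm/employeeadd.php"  # file named in the advisory
PARAM = "empid"                       # argument named in the advisory
# Assumption: legitimate employee IDs are short alphanumeric tokens.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Common/combined log format: ip ident user [time] "METHOD target PROTO" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def triage(lines):
    """Return one finding per logged request that reached the affected file."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path.lower() != TARGET_PATH:
            continue
        # parse_qs percent-decodes, so encoded metacharacters are seen as-is.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        if any(not SAFE_VALUE.fullmatch(v) for v in values):
            reason = "empid outside allow-list"
        elif m["method"] != "GET":
            reason = "request body not logged, review manually"
        else:
            reason = "endpoint reached"
        findings.append((m["ip"], int(m["status"]), reason))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Dec/2022:10:00:01 +0000] "GET /hrm/employeeadd.php?empid=1042 HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Dec/2022:10:00:07 +0000] "GET /hrm/employeeadd.php?empid=7%27 HTTP/1.1" 500 0',
    '198.51.100.2 - - [03/Dec/2022:10:01:00 +0000] "POST /hrm/employeeadd.php HTTP/1.1" 302 0',
    '198.51.100.2 - - [03/Dec/2022:10:01:02 +0000] "GET /hrm/index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Once the file has been disabled or access-restricted, any "endpoint reached" finding with a 2xx or 3xx status indicates the restriction is not in effect for that client.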
Affected Products
Sourcecodester Book Store Management System
Sourcecodester Human Resource Management System