PT-2024-26509 · Sourcecodester · Sourcecodester Human Resource Management System

Emvee

Published

2024-05-30

Updated

2025-04-11

CVE-2024-35468

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Human Resource Management System version 1.0

Description A SQL injection issue allows attackers to execute arbitrary SQL commands via the password parameter in the "/hrm/index.php" API endpoint.

Recommendations For SourceCodester Human Resource Management System version 1.0, consider restricting access to the "/hrm/index.php" endpoint until a patch is available, and avoid using the password parameter in this endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-35468

Affected Products

Sourcecodester Human Resource Management System

PT-2024-26509 · Sourcecodester · Sourcecodester Human Resource Management System

CVE-2024-35468

Weakness Enumeration

Related Identifiers

Affected Products

References · 5