PT-2025-12416 · Code Projects · Code-Projects Human Resource Management System

Hnsjwaxxjsyxgs

Published

2025-03-21

Updated

2025-03-21

CVE-2025-2589

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Human Resource Management System version 1.0.1

Description A critical issue affects the function Index of the file handlerAccount.go. The manipulation of the argument user cookie leads to improper authorization. The exploit has been disclosed to the public and may be used.

Recommendations For code-projects Human Resource Management System version 1.0.1, consider disabling the function Index of the file handlerAccount.go or restricting the manipulation of the user cookie argument until a patch is available.

Exploit

Fix

Incorrect Privilege Assignment

Improper Authorization

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-285CWE-862

Related Identifiers

CVE-2025-2589

Affected Products

Code-Projects Human Resource Management System

PT-2025-12416 · Code Projects · Code-Projects Human Resource Management System

CVE-2025-2589

Weakness Enumeration

Related Identifiers

Affected Products

References · 11