PT-2025-31191 · Unknown · Human Resource Management System

Rafael Pedrero · Published 2025-07-29 · Updated 2025-07-29 · CVE-2025-40682

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Human Resource Management System version 1.0

Description

A SQL injection vulnerability exists in Human Resource Management System version 1.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases via the city and state parameters in the /controller/ccity.php endpoint.

Recommendations

Human Resource Management System version 1.0: Sanitize or validate the city and state parameters within the /controller/ccity.php endpoint to prevent SQL injection attacks.
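
One way to apply this recommendation, shown as an added example and not the application's own code: validate city and state against an allow-list pattern, then bind them as parameters with PDO so the values never become part of the SQL text. The advisory does not show the source of /controller/ccity.php, so the table and column names (`city`, `city_name`, `state_name`), the helper function names, and the use of in-memory SQLite for the demonstration are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hardened handling of the `city` and `state` parameters.
// Assumptions (not from the advisory): table `city` with columns
// `city_name` and `state_name`; helper names are hypothetical.

/** Accept only letters, spaces, dots, apostrophes and hyphens, 1-64 chars. */
function validate_place_name(mixed $value): ?string
{
    if (!is_string($value)) {
        return null;                 // rejects array input such as city[]=x
    }
    $value = trim($value);
    // An apostrophe is allowed for real place names; it is harmless here
    // only because the value is bound as a parameter below.
    return preg_match('/^\p{L}[\p{L} .\'-]{0,63}$/u', $value) === 1 ? $value : null;
}

function insert_city(PDO $pdo, mixed $city, mixed $state): bool
{
    $city  = validate_place_name($city);
    $state = validate_place_name($state);
    if ($city === null || $state === null) {
        return false;                // caller should answer with HTTP 400
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO city (city_name, state_name) VALUES (:city, :state)'
    );
    return $stmt->execute([':city' => $city, ':state' => $state]);
}

// Constructed demonstration: in-memory SQLite so the script runs offline.
// The application's real database engine is not stated in the advisory.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE city (city_name TEXT, state_name TEXT)');

var_dump(insert_city($pdo, 'Pune', 'Maharashtra'));           // well-formed input
var_dump(insert_city($pdo, "x'); DROP TABLE city;--", 'MH')); // SQL metacharacters
var_dump(insert_city($pdo, ['x'], 'MH'));                     // array instead of string
var_dump((int) $pdo->query('SELECT COUNT(*) FROM city')->fetchColumn());
```

Validation alone is not the control here: the bound parameters are what prevent injection, and the allow-list limits what reaches the database at all.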

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-40682

Affected Products

Human Resource Management System