PT-2025-34745 · Sourcecodester · Sourcecodester Human Resource Information System

M00N_L33 · Published 2025-08-26 · Updated 2025-08-31 · CVE-2025-9476

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Information System version 1.0
Description: A vulnerability exists in SourceCodester Human Resource Information System 1.0, specifically within an unknown functionality of the /Superadmin Dashboard/process/editemployee process.php file. Manipulation of the employee file201 argument allows for unrestricted file uploads. This issue can be exploited remotely. The exploit has been publicly disclosed and may be in use.
Recommendations: As a mitigation, restrict access to the /Superadmin Dashboard/process/editemployee process.php file. Avoid using the employee file201 argument in the affected file until a fix is available.

Exploit

Fix

Improper Access Control

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-9476

Affected Products

Sourcecodester Human Resource Information System