PT-2025-35414 · Code Projects · Human Resource Integrated System
Cooorgi
·
Published
2025-08-31
·
Updated
2025-09-08
·
CVE-2025-9733
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
code-projects Human Resource Integrated System version 1.0
Description
A security flaw exists in code-projects Human Resource Integrated System version 1.0. The issue impacts an unknown function within the
/login timeee.php file. Manipulation of the emp id argument can lead to SQL injection. The attack can be initiated remotely, and the exploit has been publicly released.Recommendations
As a temporary workaround, consider restricting access to the
/login timeee.php file until a fix is available.
Sanitize the emp id argument to prevent SQL injection attacks.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Human Resource Integrated System