| عنوان | code-projects Human Resource Integrated System 1.0 SQL Injection |
|---|
| الوصف | The employee_id and date parameters in login_attendance2.php are not properly sanitized or parameterized, making them vulnerable to SQL injection. An attacker could exploit this vulnerability by injecting malicious SQL code to manipulate database queries. An attacker could leverage a time-based SQL injection method and a error-based SQL injection method. |
|---|
| المصدر | ⚠️ https://github.com/cooorgi/cve/blob/main/hris_sql_login_attendance2.md |
|---|
| المستخدم | cooorgi (UID 80520) |
|---|
| ارسال | 22/08/2025 08:13 PM (10 أشهر منذ) |
|---|
| الاعتدال | 30/08/2025 06:47 PM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 322042 [code-projects Human Resource Integrated System 1.0 login_attendance2.php employee_id/date حقن SQL] |
|---|
| النقاط | 19 |
|---|