| Title | Human Resource Management System V1.0 sql |
|---|---|
| Description | A high-severity SQL Injection vulnerability has been discovered in Human Resource Management System (version 1.0), specifically in the /employeeview.php script. Attackers can exploit this flaw to manipulate database queries via the search parameter, leading to unauthorized data access and potential system compromise. The application directly incorporates user-supplied input from the search parameter into SQL statements without proper sanitization or validation. An attacker sends a crafted HTTP GET request to /employeeview.php, supplying malicious payloads in the search parameter. Because no login or authorization is needed, the injection can be performed anonymously. Successful exploitation grants the attacker the ability to read, modify, or delete HR-related data, potentially leading to broader network or system compromise. |
| Source | https://github.com/Sakurapan/CVE/issues/1 |
| User | pan jie (UID 79494) |
| Submission | 2024-12-27 05:05 PM (1 year ago) |
| Moderation | 2024-12-28 10:00 AM (17 hours later) |
| Status | Accepted |
| VulDB entry | 289667 [1000 Projects Human Resource Management System 1.0 /employeeview.php search SQL injection] |
| Points | 20 |