| Field | Value |
|---|---|
| Title | CodeAstro Human Resource Management System in PHP CodeIgniter v1.0 Boolean, Error and Time-Based SQL Injection |
| Description | A critical SQL injection vulnerability exists in the Human Resource Management System developed by CodeAstro. The issue is present in the employee view functionality, where the `id` GET parameter is base64-decoded and passed into the GetFileInfo function without sanitization. An attacker can inject arbitrary SQL queries through this parameter, leading to full database compromise including data exfiltration, modification, and potential service disruption. The vulnerability is exploitable via boolean-based blind, error-based, and time-based SQL injection techniques. |
| Source | https://github.com/ashikmd0507/CVE/tree/main/SQL%20Injection%20via%20GetFileInfo%20Function |
| User | ashikmd7 (UID 98284) |
| Submitted | 2026-05-29 05:07 AM (1 month ago) |
| Moderation | 2026-06-28 11:27 AM (1 month later) |
| Status | Accepted |
| VulDB Entry | 374543 [CodeAstro Human Resource Management System 1.0 View Endpoint Employee_model.php GetFileInfo id SQL Injection] |
| Points | 20 |