| Title | Human Resource Management System V1.0 sql |
|---|
| Description | A high-severity SQL Injection vulnerability has been discovered in Human Resource Management System (version 1.0), specifically in the /employeeview.php script. Attackers can exploit this flaw to manipulate database queries via the search parameter, leading to unauthorized data access and potential system compromise.The application directly incorporates user-supplied input from the search parameter into SQL statements without proper sanitization or validation.An attacker sends a crafted HTTP GET request to /employeeview.php, supplying malicious payloads in the search parameter. Because no login or authorization is needed, the injection can be performed anonymously. Successful exploitation grants the attacker the ability to read, modify, or delete HR-related data, potentially leading to broader network or system compromise. |
|---|
| Source | ⚠️ https://github.com/Sakurapan/CVE/issues/1 |
|---|
| User | pan jie (UID 79494) |
|---|
| Submission | 12/27/2024 17:05 (1 Year ago) |
|---|
| Moderation | 12/28/2024 10:00 (17 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 289667 [1000 Projects Human Resource Management System 1.0 /employeeview.php Search sql injection] |
|---|
| Points | 20 |
|---|