Oretnom23

Human Resource Management System

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-40686

  • EPSS 0.02%
  • Veröffentlicht 29.07.2025 12:12:58
  • Zuletzt bearbeitet 04.08.2025 20:59:26

Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in/detai...

6.1

CVE-2025-40685

  • EPSS 0.02%
  • Veröffentlicht 29.07.2025 12:12:44
  • Zuletzt bearbeitet 04.08.2025 20:59:22

Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in/state...

6.1

CVE-2025-40684

  • EPSS 0.02%
  • Veröffentlicht 29.07.2025 12:12:34
  • Zuletzt bearbeitet 04.08.2025 20:59:16

Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in/cou...

6.1

CVE-2025-40683

  • EPSS 0.02%
  • Veröffentlicht 29.07.2025 12:12:23
  • Zuletzt bearbeitet 04.08.2025 20:59:10

Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city....

9.8

CVE-2025-40682

  • EPSS 0.04%
  • Veröffentlicht 29.07.2025 12:10:56
  • Zuletzt bearbeitet 04.08.2025 20:59:01

SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.

9.8

CVE-2024-35469

Exploit
  • EPSS 0.73%
  • Veröffentlicht 30.05.2024 18:15:09
  • Zuletzt bearbeitet 11.04.2025 15:16:37

A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.

5.4

CVE-2024-35468

  • EPSS 0.22%
  • Veröffentlicht 30.05.2024 18:15:09
  • Zuletzt bearbeitet 11.04.2025 15:16:42

A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.

4.3

CVE-2024-34223

Exploit
  • EPSS 0.19%
  • Veröffentlicht 14.05.2024 15:38:36
  • Zuletzt bearbeitet 18.04.2025 16:23:42

Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket.

5.9

CVE-2024-34222

Exploit
  • EPSS 0.06%
  • Veröffentlicht 14.05.2024 15:38:36
  • Zuletzt bearbeitet 18.04.2025 16:23:47

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter.

8.8

CVE-2024-34221

Exploit
  • EPSS 0.23%
  • Veröffentlicht 14.05.2024 15:38:36
  • Zuletzt bearbeitet 18.04.2025 16:23:53

Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.