CVE-2024-35469

Submitter: Kha Do

Human Resource Management System 1.0

Vulnerability

SQL injection

Description

SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allow attackers to execute arbitrary SQL commands via the password parameters.

Affected component

/hrm/user/

Impact

The attacker can use payload 'or'1'='1 login with administrator account without credentials.

POC

Login with anonymous

Source code contain vulnerability

Video

PoC_Video.mp4

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-35469

Submitter: Kha Do

Human Resource Management System 1.0

Vulnerability

Description

Affected component

Impact

POC

Video

About

Releases

Packages

dovankha/CVE-2024-35469

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-35469

Submitter: Kha Do

Human Resource Management System 1.0

Vulnerability

Description

Affected component

Impact

POC

Video

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages