A cross-site request forgery (CSRF) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows an attacker to change an email confirmation setting via a crafted request.

An improper authorization error in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to read arbitrary files via a crafted request.

An information disclosure vulnerability in /hrm/index.php?p=edit&id_hierarchy of Human Resource Management System v1.0 allows attackers to read arbitrary files via a crafted request.

An SQL injection vulnerability in the id_hierarchy parameter of /hrm/index.php?p=edit in Human Resource Management System v1.0 allows an attacker to inject arbitrary SQL into the back-end query via a crafted request.

A cross-site scripting (XSS) vulnerability in /hrm/index.php?p=edit&id_hierarchy of Human Resource Management System v1.0 allows an attacker to inject malicious script into settings via a crafted request.

An SQL injection vulnerability in /hrm/index

SQL Injection in Human Resource Management System

Human Resource Management System v1.0 suffers from an SQL injection vulnerability in the id_hierarchy parameter of /hrm/index.php?p=edit. The parameter value reaches a database query without being validated or bound as a query parameter, so a crafted request can change the structure of the query rather than just the value it compares against. With this vulnerability an attacker can read sensitive information from the database and disrupt business operations; the related reports above also attribute arbitrary file read and the insertion of malicious content into settings to requests against the same endpoint. The precise impact depends on the privileges of the database account the application uses and on the database configuration.
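The following is an added illustration, not code from Human Resource Management System (which is a PHP application) or from the original report. It reproduces, in Python against an in-memory SQLite database, the query pattern behind an injectable id_hierarchy parameter and places the hardened form beside it. The table and column names (hierarchy, users, password_hash) and the sample rows are constructed for the example; the page gives no schema.

```python
import sqlite3

# Constructed schema standing in for the HRM database. Table and column
# names are assumptions for this example, not taken from the application.
def build_db():
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE hierarchy (id INTEGER PRIMARY KEY, name TEXT, owner_user TEXT)")
    cur.executemany("INSERT INTO hierarchy VALUES (?, ?, ?)", [
        (1, "Head Office", "admin"),
        (2, "Engineering", "eng_lead"),
        (3, "Payroll", "finance"),
    ])
    cur.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    cur.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "admin", "5f4dcc3b5aa765d61d8327deb882cf99"),
        (2, "hr_user", "e99a18c428cb38d5f260853678922e03"),
    ])
    conn.commit()
    return conn


def lookup_hierarchy_vulnerable(conn, id_hierarchy):
    # The injectable pattern: the untrusted request parameter is concatenated
    # straight into the SQL text, so it can become SQL syntax.
    sql = "SELECT id, name, owner_user FROM hierarchy WHERE id = " + id_hierarchy
    return conn.execute(sql).fetchall()


def lookup_hierarchy_safe(conn, id_hierarchy):
    # Hardened form: enforce the expected type, then bind the value as a
    # query parameter so the driver never treats it as SQL.
    if not id_hierarchy.isdigit():
        raise ValueError("id_hierarchy must be a positive integer")
    sql = "SELECT id, name, owner_user FROM hierarchy WHERE id = ?"
    return conn.execute(sql, (int(id_hierarchy),)).fetchall()


def safe_rejects(conn, id_hierarchy):
    # True when the hardened lookup refuses the value before it reaches SQL.
    try:
        lookup_hierarchy_safe(conn, id_hierarchy)
    except ValueError:
        return True
    return False


# Constructed payloads of the kind a crafted request would carry in
# id_hierarchy. The UNION payload matches the three columns of the
# original SELECT so the attacker-chosen rows are returned alongside them.
PAYLOAD_BOOLEAN = "1 OR 1=1"
PAYLOAD_UNION = "0 UNION ALL SELECT id, username, password_hash FROM users"


def run_demo(conn):
    return {
        "normal_rows": len(lookup_hierarchy_vulnerable(conn, "2")),
        "boolean_rows": len(lookup_hierarchy_vulnerable(conn, PAYLOAD_BOOLEAN)),
        "leaked_users": sorted(
            (row[1], row[2]) for row in lookup_hierarchy_vulnerable(conn, PAYLOAD_UNION)
        ),
        "safe_normal": lookup_hierarchy_safe(conn, "2"),
        "safe_rejects_boolean": safe_rejects(conn, PAYLOAD_BOOLEAN),
        "safe_rejects_union": safe_rejects(conn, PAYLOAD_UNION),
    }


if __name__ == "__main__":
    for key, value in run_demo(build_db()).items():
        print(f"{key}: {value}")
```

The boolean payload turns a one-row lookup into a dump of every hierarchy row; the UNION payload pulls usernames and password hashes out of an unrelated table through the same endpoint, which is the "sensitive information" path described above. The hardened lookup rejects both because neither survives the integer check, and even a value that did would be bound as data rather than spliced into the statement.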

Timeline

Published on: 11/07/2022 15:15:00 UTC
Last modified on: 11/08/2022 16:38:00 UTC

References