Skip to content

dovankha/CVE-2024-35468

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
README.md
README.md
 
 

Repository files navigation

CVE-2024-35468

Submitter: Kha Do

Human Resource Management System 1.0

Vulnerability

SQL injection

Description

SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allow attackers to execute arbitrary SQL commands via the password parameters.

Affected component

/hrm/index.php

Impact

The attacker can use payload 'or'1'='1 login with administrator account without credentials.

POC

Login with anonymous SQLi_bypass_login

Source code contain vulnerability Source_code_SQLi

Video

Video_PoC.mp4

About

CVE-2024-35468 | SQL injection

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published