dovankha/CVE-2024-34222

Human Resource Management System 1.0

Submitter: Kha Do

Vulnerability

SQL injection

Description

A SQL injection vulnerability in /hrm/country.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the searccountry parameter.

Affected component

Path URL: /hrm/country.php

Parameter: &searccountry=[inject here]

Impact

This vulnerability allows attackers to execute arbitrary SQL commands via the searccountry parameter.

POC

When searching for a country with the incorrect condition ' and '1'='2'#, no results are returned: [screenshot: incorrect]

And when searching for a country with the correct condition ' and '1'='1'#, all results are returned: [screenshot: correct]
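
Remediation sketch (an added example, not code from this repository or from the application): the search query rewritten with a bound parameter, next to the string concatenation pattern that produces the behaviour shown in the POC. The source of country.php is not shown on this page, so the table name country, the column name, the function names and the in-memory SQLite database are assumptions chosen so the script runs offline; in MySQL, # starts a comment, which is why the POC strings end with it.

```php
<?php
declare(strict_types=1);
// Added example. Schema, function names and SQLite backend are assumptions.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE country (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO country (name) VALUES ('Vietnam'), ('France'), ('Japan')");

// Vulnerable pattern (assumed): the parameter is pasted into the SQL text,
// so a quote in the input ends the string literal and the rest is parsed as SQL.
// The statement is only built and printed here, never executed.
function buildUnsafeSql(string $search): string
{
    return "SELECT id, name FROM country WHERE name LIKE '%" . $search . "%'";
}

// Hardened pattern: the SQL text is fixed and the value travels as a bound
// parameter. LIKE wildcards in the input are escaped with '!' so they match
// literally instead of widening the search.
function searchCountry(PDO $pdo, string $search): array
{
    $escaped = strtr($search, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $pdo->prepare(
        "SELECT id, name FROM country WHERE name LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary search plus the two strings from the POC.
$inputs = ['an', "' and '1'='2'#", "' and '1'='1'#"];
foreach ($inputs as $input) {
    echo 'input:  ', $input, PHP_EOL;
    echo 'unsafe: ', buildUnsafeSql($input), PHP_EOL;
    echo 'rows from bound query: ', count(searchCountry($pdo, $input)), PHP_EOL, PHP_EOL;
}
```

With the bound query, both POC strings are compared against country names as literal text, so the two conditions no longer produce different result sets.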

About

CVE-2024-34222 | SQL injection
