dovankha / CVE-2024-34221

CVE-2024-34221 | Insecure permission

Human Resource Management System Project in PHP and MySQL Free Source Code

Submitter: Kha Do

Vulnerability

Insecure permission

Description

There is an insecure permission vulnerability in /hrm/controller/ccity.php?positionedit= in the SourceCodester Human Resource Management System 1.0, allowing attackers to access functions that are not permitted for a normal user.

Affected component

Path URL: /hrm/controller/ccity.php?positionedit=

Parameter: position.php

Impact

An attacker can use a normal account to add a new position, which is not permitted for a normal user.
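
A server-side role check of the kind this endpoint lacks, as an added example that is not code from the SourceCodester project or from the submitter. The session key `role`, the role name `admin`, and the helpers `is_authorized` and `enforce_authorization` are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. The session key 'role', the role
// name 'admin' and both helper names are assumptions for illustration.

// Action parameters handled by the controller and the roles allowed to use them.
const ACTION_ROLES = [
    'positionedit' => ['admin'],
];

// Decide server-side whether this session may run the requested action.
// Denies by default: no login, no known action, or a role not listed.
function is_authorized(array $session, array $query): bool
{
    $role = $session['role'] ?? null;
    if (!is_string($role) || $role === '') {
        return false; // not logged in
    }
    $actions = array_intersect(array_keys($query), array_keys(ACTION_ROLES));
    if ($actions === []) {
        return false; // request names no action this map knows about
    }
    foreach ($actions as $action) {
        if (!in_array($role, ACTION_ROLES[$action], true)) {
            return false; // e.g. a normal user requesting positionedit
        }
    }
    return true;
}

// Call at the top of the controller, before any database write.
function enforce_authorization(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_authorized($_SESSION, $_GET)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed sample sessions, evaluated only when run from the command line.
if (PHP_SAPI === 'cli') {
    var_dump(is_authorized(['role' => 'admin'], ['positionedit' => '']));
    var_dump(is_authorized(['role' => 'employee'], ['positionedit' => '']));
    var_dump(is_authorized([], ['positionedit' => '']));
}
```

The check runs in the controller itself, so it still holds when a request reaches `/hrm/controller/ccity.php?positionedit=` directly rather than through the application's pages.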

POC

Video_PoC.mp4
