dovankha / CVE-2024-34223

CVE-2024-34223 | Insecure permission

Repository from Github https://github.com/dovankha/CVE-2024-34223

Human Resource Management System Project in PHP and MySQL Free Source Code

Submitter: Kha Do

Vulnerability

Insecure Permission

Description

An insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allows attackers to approve or reject leave tickets.

Affected component

Path URL: /hrm/leaverequest.php

Parameter: ?msg=, ?id=

Impact

A normal user can self-approve or reject a leave ticket, which is not permitted.

id: accept ticket.

msg: reject ticket.
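
A server-side authorization gate that would close this gap, as an added example and not code from the project or the submitter. The session keys, role names, the owner lookup, and the assumption that both id and msg carry a numeric ticket id are hypothetical.

```php
<?php
declare(strict_types=1);
// Assumed role names; the application's real session layout is not shown on the page.
const APPROVER_ROLES = ['admin', 'manager'];

// Server-side gate for the accept (?id=) and reject (?msg=) actions.
// $ownerOf stands in for a database lookup: ticket id -> owner's user id, or null.
function authorize_leave_decision(array $session, array $query, callable $ownerOf): array
{
    if (!isset($session['user_id'], $session['role'])) {
        throw new RuntimeException('401: not logged in');
    }
    // The role is read from the server-side session, never from the request.
    if (!in_array($session['role'], APPROVER_ROLES, true)) {
        throw new RuntimeException('403: role may not decide leave tickets');
    }
    $hasId  = array_key_exists('id', $query);
    $hasMsg = array_key_exists('msg', $query);
    if ($hasId === $hasMsg) {
        throw new RuntimeException('400: send exactly one of id or msg');
    }
    $raw    = $hasId ? $query['id'] : $query['msg'];
    $ticket = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($ticket === false) {
        throw new RuntimeException('400: ticket id must be a positive integer');
    }
    $owner = $ownerOf($ticket);
    if ($owner === null) {
        throw new RuntimeException('404: no such ticket');
    }
    // Approvers may not decide their own request either.
    if ($owner === (int) $session['user_id']) {
        throw new RuntimeException('403: cannot decide your own ticket');
    }
    return ['action' => $hasId ? 'accept' : 'reject', 'ticket' => $ticket];
}

// Constructed sample data: ticket 7 belongs to user 12, ticket 9 to user 3.
$owners  = [7 => 12, 9 => 3];
$ownerOf = fn(int $t): ?int => $owners[$t] ?? null;
$cases   = [
    [['user_id' => 12, 'role' => 'employee'], ['id' => '7']],  // normal user, own ticket
    [['user_id' => 3,  'role' => 'manager'],  ['id' => '7']],  // manager, someone else's ticket
    [['user_id' => 3,  'role' => 'manager'],  ['msg' => '9']], // manager, own ticket
];
foreach ($cases as [$session, $query]) {
    try {
        echo json_encode(authorize_leave_decision($session, $query, $ownerOf)), PHP_EOL;
    } catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
}
```

The gate has to run inside the request handler before any ticket status is written; hiding the approve and reject links in the user interface does not change what the endpoint accepts.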

PoC

Insecure_permission_leave.mp4
