dovankha / CVE-2024-35468

CVE-2024-35468 | SQL injection


CVE-2024-35468

Submitter: Kha Do

Human Resource Management System 1.0

Vulnerability

SQL injection

Description

SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.

Affected component

/hrm/index.php

Impact

An attacker can submit the payload `'or'1'='1` in the password field to log in as the administrator account without knowing any credentials.

POC

Login without credentials (screenshot: SQLi_bypass_login)

Source code containing the vulnerability (screenshot: Source_code_SQLi)
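As an added illustration (not the HRMS project's code and not the screenshot above), the string-built login query that makes the password parameter injectable, reproduced in Python against an in-memory SQLite table, next to a hardened version that uses a bound parameter and a salted password hash; the table name, column names and the sample account are constructed assumptions.

```python
# Added example (not the HRMS project's code): the login pattern behind
# CVE-2024-35468 against an in-memory SQLite table, beside a hardened form.
# Table, column names and the "admin" account are constructed for this demo.
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "'or'1'='1"  # the password value the advisory describes
ITERATIONS = 100_000


def _connect():
    """Fresh in-memory DB holding one constructed admin account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, "
               "pw_hash BLOB, salt BLOB)")
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"S3cret!", salt, ITERATIONS)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("admin", "S3cret!", pw_hash, salt))
    return db


def login_vulnerable(username, password):
    """Query built by string formatting: the password value becomes part of
    the SQL grammar, so 'or'1'='1 turns the WHERE clause into
    username='..' AND password='' OR '1'='1' and matches the first row."""
    db = _connect()
    sql = ("SELECT username FROM users WHERE username='%s' AND password='%s'"
           % (username, password))
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(username, password):
    """Hardened: a bound parameter keeps the input as data, and the password
    is checked against a salted PBKDF2 hash in constant time, not in SQL."""
    db = _connect()
    row = db.execute("SELECT pw_hash, salt FROM users WHERE username=?",
                     (username,)).fetchone()
    if row is None:
        return None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    row[1], ITERATIONS)
    return username if hmac.compare_digest(candidate, row[0]) else None
```

In the PHP application the equivalent fix is a prepared statement with bound parameters (mysqli or PDO) plus password_verify() against a stored hash instead of comparing the password inside the query.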

Video

Video_PoC.mp4
