CVE-2022-3471— Human Resource Management System 安全漏洞

SourceCodester Human Resource Management System city.php sql injection

A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

对消息或数据结构的处理不恰当

Human Resource Management System 安全漏洞

Human Resource Management System是maverickosama个人开发者的一个人力资源管理系统。 Human Resource Management System存在安全漏洞，该漏洞源于其city.php组件的一个未知函数对参数searccity的操作会导致SQL注入。该攻击方法已经被公开并且可以由远程发起，存在被利用的风险。

N/A

N/A