CVE-2024-34221 PoC — Human Resource Management System security vulnerability

Source
Associated Vulnerability
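Title: Human Resource Management System security vulnerability (CVE-2024-34221)
Description: Human Resource Management System is a human resource management system by the individual developer maverickosama. Sourcecodester Human Resource Management System version 1.0 has a security vulnerability that stems from being susceptible to insecure permissions.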
Description
CVE-2024-34221 | Insecure permission
Readme
# Human Resource Management System Project in PHP and MySQL Free Source Code
#### Submitter: Kha Do

## Vulnerability
Insecure permission

## Description
There is an insecure permission vulnerability in `/hrm/controller/ccity.php?positionedit=` in the SourceCodester Human Resource Management System 1.0, allowing attackers to access functions that are not permitted for a normal user.

## Affected component
Path URL: /hrm/controller/ccity.php?positionedit=

Parameter: position.php

## Impact
An attacker can use a normal account to add a new position, which is not permitted for a normal user.
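
One way to close this gap is a server-side, deny-by-default role check at the top of the controller, before the position is written. This is an added example, not code from the SourceCodester project or from this README; the `ACTION_ROLES` map, the `$_SESSION['role']` key and the `admin` role name are assumptions about the application.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. The role name 'admin' and the
// session key 'role' are assumptions about how login stores the user's role.

// Query-string actions handled by this controller and the roles allowed
// to invoke them. An action that is not listed is denied.
const ACTION_ROLES = [
    'positionedit' => ['admin'],
];

// Return the first listed action present in the query string, or null.
function requested_action(array $query): ?string
{
    foreach (array_keys(ACTION_ROLES) as $action) {
        if (array_key_exists($action, $query)) {
            return $action;
        }
    }
    return null;
}

// Deny by default: true only when the session carries a role that is
// explicitly allowed for the requested action.
function is_authorized(?string $action, array $session): bool
{
    if ($action === null || !array_key_exists($action, ACTION_ROLES)) {
        return false;
    }
    $role = $session['role'] ?? null;
    return is_string($role) && in_array($role, ACTION_ROLES[$action], true);
}

// Guard placed at the top of the controller, before any database write.
session_start();
if (!is_authorized(requested_action($_GET), $_SESSION)) {
    http_response_code(403);
    exit('Forbidden');
}

// ... the existing position handling continues here for authorized users only.
```

Hiding the position form from normal users in the interface does not replace this check; it has to run on every request that reaches the endpoint.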

## POC

https://github.com/dovankha/CVE-2024-34221/assets/63991630/667ddbd4-af03-4959-9f20-765e9e8a8bae
