CVE-2022-4273 – SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload
https://notcve.org/view.php?id=CVE-2022-4273
A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References: https://github.com/leecybersec/bug-report/tree/main/sourcecodester/oretnom23/hrm/bypass-fileupload-rce ; https://vuldb.com/?id.214769
CWE: CWE-266: Incorrect Privilege Assignment; CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-45218
https://notcve.org/view.php?id=CVE-2022-45218
Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message.
References: https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-45218 ; https://www.sourcecodester.com/sites/default/files/download/oretnom23/hrm.zip
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43262
https://notcve.org/view.php?id=CVE-2022-43262
Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php.
References: https://github.com/null302/bug_report/blob/main/vendors/oretnom23/Human%20Resource%20Management%20System/SQLi-1.md
CWE: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-43317
https://notcve.org/view.php?id=CVE-2022-43317
A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
References: https://github.com/ImaizumiYui/bug_report/blob/main/vendors/oretnom23/Human%20Resource%20Management%20System/XSS-1.md
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43318
https://notcve.org/view.php?id=CVE-2022-43318
Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php.
References: https://github.com/ImaizumiYui/bug_report/blob/main/vendors/oretnom23/Human%20Resource%20Management%20System/SQLi-1.md
CWE: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')