exploitDog

CVE-2025-40682

Опубликовано: 29 июл. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-human-resource-management-system
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oretnom23:human_resource_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00035

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-fw89-hr7j-cx8r

CVSS3: 9.8

github

6 месяцев назад

SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.

EPSS

Процентиль: 10%

0.00035

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89