CVE-2022-3492

MEDIUM

SourceCodester Human Resource Management System 1.0 - OS Command Injection via Profile Photo Handler

Title source: llm
STIX 2.1

Description

A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772.

References (1)

Core 1
Core References
Third Party Advisory
https://vuldb.com/?id.210772

Scores

CVSS v3 6.3
EPSS 0.0093
EPSS Percentile 55.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-78 CWE-707
Status published
Products (1)
oretnom23/human_resource_management_system 1.0
Published Oct 13, 2022
Tracked Since Feb 18, 2026