CVE-2024-34220

HIGH

Sourcecodester HRMS 1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-34220. PoCs published by dovankha.

AI-analyzed exploit summary

This repository provides a functional SQL injection PoC for CVE-2024-34220 in the Human Resource Management System by SourceCodester. The exploit demonstrates time-based SQLi via the 'leavestatus' parameter in 'applyleave.php', with payloads causing measurable delays (5s and 20s) and SQLmap integration for further exploitation.

Description

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.

Exploits (1)

nomisec WORKING POC
by dovankha · poc
https://github.com/dovankha/CVE-2024-34220

Classification

Working PoC: 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Human Resource Management System (SourceCodester)
Auth required: yes
Prerequisites: Access to the 'applyleave.php' endpoint · Valid PHP session cookie
Analyzed by devstral-2 on Feb 18, 2026

References (1)

Core References (1)

Exploit, Third Party Advisory: https://github.com/dovankha/CVE-2024-34220

Scores

CVSS v3: 7.5
EPSS: 0.0078
EPSS Percentile: 51.1%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): oretnom23/human_resource_management_system 1.0
Published: May 14, 2024
Tracked Since: Feb 18, 2026