CVE-2024-35469

CRITICAL

SourceCodester Human Resource Management System 1.0 - SQL Injection via Password Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-35469. PoCs published by dovankha.

AI-analyzed exploit summary The repository provides a detailed writeup of an SQL injection vulnerability in SourceCodester Human Resource Management System 1.0, specifically in the `/hrm/user/` endpoint. It includes technical details, screenshots of the vulnerability, and a proof-of-concept payload (`'or'1'='1`) for authentication bypass.

Description

A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.

Exploits (1)

nomisec WRITEUP 1 stars
by dovankha · poc
https://github.com/dovankha/CVE-2024-35469

The repository provides a detailed writeup of an SQL injection vulnerability in SourceCodester Human Resource Management System 1.0, specifically in the `/hrm/user/` endpoint. It includes technical details, screenshots of the vulnerability, and a proof-of-concept payload (`'or'1'='1`) for authentication bypass.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: SourceCodester Human Resource Management System 1.0
No auth needed
Prerequisites: Access to the login page of the vulnerable application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0064
EPSS Percentile 45.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
oretnom23/human_resource_management_system 1.0
Published May 30, 2024
Tracked Since Feb 18, 2026