CVE-2022-4278: bug-report/sourcecodester/oretnom23/hrm/employeeadd-sqli at main · leecybersec/bug-report
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775.
Human Resource Management System 1.0 SQL Injection
Description: A vulnerability was found in SourceCodester Book Store Management System 1.0. A SQL injection vulnerability exists in /hrm/employeeadd.php via the empid parameter.
The product(s): https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html
Affected product(s)/code base: https://www.sourcecodester.com/sites/default/files/download/oretnom23/hrm.zip
Affected component(s): /hrm/employeeadd.php
Source code analysis:
The empid parameter is taken from the request and used in the query without any input validation.
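As an added example (not the project's own code from hrm.zip), the pattern described above shown beside a hardened version. The table name `employee`, the column `emp_id`, the `$conn` mysqli connection and the function names are assumptions; the real employeeadd.php may use different names.

```php
<?php
// Added example, not the project's code. Assumed: table `employee`, column `emp_id`,
// an open mysqli connection $conn, and the mysqlnd driver (needed for get_result()).

// Vulnerable pattern: the empid value from the query string is concatenated
// straight into the SQL text, so a value containing a quote can close the
// literal and append its own clause (this is what the PoC payload does).
function load_employee_vulnerable(mysqli $conn, string $empid): ?array
{
    $sql = "SELECT * FROM employee WHERE emp_id = '" . $empid . "'";
    $result = $conn->query($sql);
    return $result ? $result->fetch_assoc() : null;
}

// Hardened version: validate the expected type first, then bind the value as a
// query parameter so it is sent separately from the SQL text and can never
// change the statement's structure.
function load_employee_safe(mysqli $conn, string $empid): ?array
{
    // empid is an integer identifier; reject anything else before touching the DB.
    if ($empid === '' || !ctype_digit($empid)) {
        return null;
    }
    $stmt = $conn->prepare("SELECT * FROM employee WHERE emp_id = ?");
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . $conn->error);
    }
    $id = (int) $empid;
    $stmt->bind_param("i", $id);   // "i": bind as integer
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // array for a match, null for none
    $stmt->close();
    return $row;
}

// Usage at the top of the page handler (assumed structure):
// $empid = $_GET['empid'] ?? '';
// $employee = load_employee_safe($conn, $empid);
// if ($employee === null) {
//     http_response_code(400);
//     exit('invalid employee id');
// }
```

The validation step and the prepared statement are independent defences: the `ctype_digit` check rejects the PoC input outright, and the bound parameter guarantees that even a value which passes validation is treated as data rather than SQL.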
Proof of Concept:
Log in as admin and go to http://localhost/hrm/employeeadd.php
SQLi payload with sleep(1): /hrm/employeeadd.php?empid=1%27%20or%20sleep(1)%20--%20-
SQLi payload with sleep(10): /hrm/employeeadd.php?empid=1%27%20or%20sleep(10)%20--%20-
Check the payload in the MySQL log:
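As an added example (not part of the original report), a small scanner that does the log check above programmatically: it reads MySQL general-log lines and flags queries carrying the time-based markers used in the PoC. The log lines are constructed for the example and the function names are my own.

```php
<?php
// Added example, not part of the original report. Scans MySQL general-log
// lines for the injection markers seen in the PoC (sleep()/benchmark() calls
// and a quote followed by OR). Sample lines below are constructed.

function is_suspicious_query(string $line): bool
{
    // Time-based functions, or a closed string literal followed by an OR clause.
    $pattern = '/\bsleep\s*\(|\bbenchmark\s*\(|\'\s*or\s+/i';
    return preg_match($pattern, $line) === 1;
}

// Returns the 1-based line numbers and text of every flagged log line.
function find_injection_lines(array $log_lines): array
{
    $hits = [];
    foreach ($log_lines as $n => $line) {
        if (is_suspicious_query($line)) {
            $hits[] = ['line' => $n + 1, 'text' => trim($line)];
        }
    }
    return $hits;
}

// Constructed sample lines in MySQL general-log format (time, thread id, command, text).
$sample = [
    "2022-11-30T10:00:01.000000Z\t12 Query\tSELECT * FROM employee WHERE emp_id='1'",
    "2022-11-30T10:00:05.000000Z\t12 Query\tSELECT * FROM employee WHERE emp_id='1' or sleep(10) -- -'",
    "2022-11-30T10:00:09.000000Z\t13 Query\tSELECT name FROM department WHERE dept_id=3",
];

foreach (find_injection_lines($sample) as $hit) {
    echo "line {$hit['line']}: {$hit['text']}\n";
}
// Only the second sample line is reported.
```

To run it against a real server, enable the general log (`general_log=ON` with `log_output=FILE`) temporarily on a test instance and feed the file's lines into `find_injection_lines()`; the general log records every statement, so keep it off in production beyond the investigation window.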
Discoverer(s)/Credits: NGO VAN TU (@leecybersec)