CVE-2025-40682 — SQL Injection in Resource Management System

CWE-89 — SQL Injection3 documents3 sources

Severity

8.7HIGHNVD

EPSS

0.1%

top 82.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Human Resource Management System Oretnom23 Human Resource Management System

Timeline

PublishedJul 29

Description

SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDoretnom23/human_resource_management_system1.0

▶CVEListV5human_resource_management_system/human_resource_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-fw89-hr7j-cx8r: SQL injection vulnerability in Human Resource Management System version 1↗2025-07-29

▶

CVEList

SQL injection vulnerability in Human Resource Management System↗2025-07-29

▶