CNNVD-202511-2143 Information

Nov 19, 2025 cve

CNNVD ID

CNNVD-202511-2143

CVE-2025-13420

CNNVD Published: 2025-11-19

Description (Chinese)

itsourcecode Human Resource Management System是itsourcecode开源的一个人力资源管理系统。 itsourcecode Human Resource Management System 1.0版本存在SQL注入漏洞，该漏洞源于对文件/src/store/EventStore.php中参数eventSubject的错误操作，可能导致SQL注入攻击。

Description (English)

Its sourcecode Human Resources Management System is an open-source human resources management system. Its sourcecode Human Resources Management System Version 1.0 contains an injection loophole in SQL, which is the result of an error in the operation of the parameter IvanSubject in the document/src/store/EventStore.php, which could lead to an attack on SQL.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

itsourcecode

Published

2025-11-19

Last Modified

2026-02-24

References

https://vuldb.com/?id.332942 https://vuldb.com/?submit.695952 https://github.com/f14g-orz/CVE/issues/8 https://itsourcecode.com/ https://vuldb.com/?ctiid.332942 https://access.redhat.com/security/cve/cve-2025-13420

Share on: