CVE-2025-40682 Information

Description

SQL injection vulnerability in Human Resource Management System version 1.0 which allows an attacker to retrieve create update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-human-resource-management-system

Related CNNVD

CNNVD-202507-3598 (Published: 2025-07-29)