CVE-2024-0470 MEDIUM

CVE-2024-0470: code-projects Human Resource Integrated System inc_service_credits.php sql injection

Vendor Code-Projects

Product Human Resource Integrated System

Weakness CWE-89 · SQLi

Published January 12, 2024

Last update June 3, 2025

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classified as critical. This affects an unknown part of the file /admin_route/inc_service_credits.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250575.

Key dates

02Disclosure timeline

January 12, 2024 CVE published

June 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-0470 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-9933 PHPGurukul Beauty Parlour Management System view-appointment.php sql injection CVE-2024-13426 WP-Polls <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting CVE-2024-12195 WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection CVE-2022-29822 Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection CVE-2024-0361 PHPGurukul Hospital Management System contact.php sql injection