Unrated severityNVD Advisory· Published Jul 29, 2025· Updated Jul 29, 2025

SQL injection vulnerability in Human Resource Management System

CVE-2025-40682

Description

SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.

Affected products

Angeljudesuarez/Human Resource Management Systemllm-fuzzy
Range: = 1.0
Human Resource Management System/Human Resource Management Systemv5
Range: 1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-human-resource-management-systemmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000