CVE-2026-10624
4.3 MEDIUM
A vulnerability has been found in SourceCodester Human Resource Management 1.0
Published: 2026-06-02 · Last updated: 2026-06-04
Severity and scoring
- CVSS: 4.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-99
Description
A vulnerability has been found in SourceCodester Human Resource Management 1.0. It affects an unknown functionality of the file /detailview.php in the Employee View Page component. Manipulation of the argument employeeid leads to improper control of resource identifiers. The attack can be performed remotely. The exploit has been disclosed to the public and may be used.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-10624
- [Other] https://r4sh7n.medium.com/insecure-direct-object-reference-idor-vulnerability-in-employee-management-functionality-70df8ac5b1d3?postPublishedType=repub
- [Other] https://vuldb.com/cve/CVE-2026-10624
- [Other] https://vuldb.com/submit/829766
- [Other] https://vuldb.com/vuln/367929
- [Other] https://vuldb.com/vuln/367929/cti
- [Other] https://www.sourcecodester.com/
Related CVEs
Same CWE
- CVE-2026-10299 — A weakness has been identified in code-projects Online Hospital Management System 1.0 (3.8 LOW)
- CVE-2026-10168 — A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6... (6.3 MEDIUM)
- CVE-2026-9438 — A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203 (5.4 MEDIUM)
- CVE-2026-33603 — Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding (6.8 MEDIUM)