Vulnerability Details CVE-2025-40682
SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.9%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-40682
-
cpe:2.3:a:oretnom23:human_resource_management_system:1.0