CVE-2026-10624
Improper Resource Control in Human Resource Management 1.0 Employee View
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcecodester | human_resource_management | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-99 | The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SourceCodester Human Resource Management 1.0, specifically in the /detailview.php file within the Employee View Page component. It involves improper control of resource identifiers due to manipulation of the employeeid argument. An attacker can exploit this remotely by manipulating this argument, potentially gaining unauthorized access or control.
How can this vulnerability impact me? :
The vulnerability allows an attacker to manipulate the employeeid parameter remotely, which can lead to improper control over resource identifiers. This may result in unauthorized access to employee information or other sensitive data within the Human Resource Management system.