Key information

- CVE ID: CVE-2025-13420
- VDB ID: VDB-332942
- GCVE ID: GCVE-100-332942
- CVSS Meta Temp Score: 6.9
- Current Exploit Price: $0-$5k
- CTI Interest Score: 5.94
- Vulnerability Type: SQL Injection
- Affected Product: ITSOURCECODE Human Resource Management System 1.0
- Affected File: /src/store/EventStore.php
- Affected Argument: eventSubject
- Vulnerability Description:
  - The vulnerability arises from an unknown function in the file.
  - Manipulation of the argument can lead to SQL injection.
  - The attack can be launched remotely without authentication.
  - An exploit is present and can easily be used.
- CWE: CWE-89 (Improper Neutralization of Special Elements used in SQL Commands ('SQL Injection'))
- Impact: Affects confidentiality, integrity, and availability.
- Advisory Location: Available on github.com