Описание
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:icehrm:icehrm:26.6.0.os:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02208
Низкий
6.6 Medium
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
EPSS
Процентиль: 84%
0.02208
Низкий
6.6 Medium
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
CWE-89