exploitDog

CVE-2021-22854

Опубликовано: 17 фев. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

Ссылки

https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4404-3f498-1.html
Third Party Advisory
https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4404-3f498-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hr_portal_project:hr_portal:7.3.2020.1013:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00387

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-qq7w-3jcr-f834

github

больше 3 лет назад

The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

EPSS

Процентиль: 59%

0.00387

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

CWE-89