|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-09-03 | |
| Rule Name: | Hrsoft eHR GetE01ByDeptCode SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Hrsoft eHR Human Resource management system is an intelligent human resource management solution launched by Langxin Technology. SQL injection vulnerabilities exist in the interface of GetE01ByDeptCode, in the Hrsoft eHR. Malicious attackers can perform unauthorized database operations through this vulnerability, which may lead to security problems such as information leakage, database tampering or denial of service. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |