Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos researchers recently discovered that the Glacies’ IceHRM software contains a vulnerability that could allow an adversary to inject SQL. IceHRM is a human resource management tool, allowing users to create and track timesheets for employees, upload documents and manage payroll. An attacker could send the software a specially crafted HTTP request, which can open the door for SQL injection. This could…
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Article Link: http://feedproxy.google.com/~r/feedburner/Talos/~3/8-HYdstzYrc/vuln-spotlight-icehrm-sql-injection-july-2020.html