2 matches found
SimpleHRM 'username' Parameter SQL Injection Vulnerability
SimpleHRM is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-2498
CVE-2013-2498 affects SimpleHRM (versions 2.3, 2.2 and earlier) and is caused by an SQL injection in the login page (flexycms/modules/user/user_manager.php). The vulnerability allows remote attackers to manipulate the username field passed to index.php/user/setLogin, enabling arbitrary SQL comman...