11 matches found
EUVD-2020-27268
Malware in sbrugna...
CVE-2020-6114
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
Glacies IceHRM 安全漏洞
Glacies IceHRM is a human resource management system from the Glacies team in Germany. The system includes features such as expense management, recruitment management, payroll management and vacation management. A security vulnerability exists in Glacies IceHRM v32.4.0.OS, which stems from improp...
Glacies IceHRM SQL Injection Vulnerability
Glacies IceHRM is a human resource management system from the Glacies team in Germany. The system includes features such as expense management, recruitment management, payroll management and leave management. A SQL injection vulnerability exists in the Admin Reports feature in Glacies IceHRM...
CVE-2020-6114
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
CVE-2020-6114
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
Sql injection
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
CVE-2020-6114
The CVE-2020-6114 issue affects Glacies IceHRM v26.6.0.OS Admin Reports. TALOS details show an exploitable SQL injection caused by improper handling of the ob parameter used to build the ORDER BY clause in data retrieval paths (core/data.php → BaseService->getData, then Find). The vulnerabilit...
CVE-2020-6114
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
Vulnerability Spotlight: SQL injection vulnerability in Glacies IceHRM
Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos researchers recently discovered that the Glacies' IceHRM software contains a vulnerability that could allow an adversary to inject SQL. IceHRM is a human resource management tool, allowing users to create...
Glacies IceHRM Admin Reports SQL injection Vulnerability
Summary An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...