CVE-2021-22854

Summary

The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

Affected Software

VendorProductVersion RangeStatus
Soar Cloud System Co., Ltd.HR Portal0 7.3.2020.1013affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References