| TVN ID | TVN-202607005 |
|---|---|
| CVE ID | CVE-2026-15804 |
| CVSS | 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | HCM 7 version before 7.5.3 HCM 8 version before 8.1.7.1 |
| Description | The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data. |
| Solution | Update HCM 7 to version 7.5.3 or later. Update HCM 8 to version 8.1.7.1 or later. |
| Credit | BTtea(CHT Security) |
| Public Date | 2026-07-15 |
