go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Soar Cloud System Co., Ltd. HR Portal - SQL Injection

TVN ID TVN-202101008
CVE ID CVE-2021-22854
CVSS 7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products Soar Cloud System Co., Ltd. HR Portal version 7.3.2020.1013
Description The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.
Solution Update to version 7.3.2020.1110
Credit TsungShu Chiu
Public Date 2021-02-17

Links

  1. CVE-2021-22854
  2. CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Human Resource Portal
Top