Vulnerability Spotlight: SQL injection vulnerability in Glacies IceHRM

Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos researchers recently discovered that the Glacies’ IceHRM software contains a vulnerability that could allow an adversary to inject SQL. IceHRM is a human resource management tool, allowing users to create and track timesheets for employees, upload documents and manage payroll. An attacker could send the software a specially crafted HTTP request, which can open the door for SQL injection. This could…

[[ This is only the beginning! Please visit the blog for the complete entry ]]

Go to Source

You may also like...