Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos researchers recently discovered that the Glacies’ IceHRM software contains a vulnerability that could allow an adversary to inject SQL. IceHRM is a human resource management tool, allowing users to create and track timesheets for employees, upload documents and manage payroll. An attacker could send the software a specially crafted HTTP request, which can open the door for SQL injection. This could…
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Go to Source
Author:
