← back
CVE-2021-22854

Soar Cloud System Co., Ltd. HR Portal - SQL Injection

CVSS 7.5 HIGHEPSS 1.5%CWE-89
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Feb 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Soar Cloud System Co., Ltd. · HR Portal

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557ehttps://www.twcert.org.tw/tw/cp-132-4404-3f498-1.html