SQL Injection Vulnerability in Admin Reports of Glacies IceHRM by Glacies Technologies
CVE-2020-6114

6.6MEDIUM

Key Information:

Vendor

Icehrm

Vendor
CVE Published:
10 July 2020

What is CVE-2020-6114?

An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM. By sending a specially crafted HTTP request, an attacker can execute harmful SQL commands within the server's database. This can lead to unauthorized access to sensitive data, manipulation of database entries, or complete system compromise when exploited by authenticated users.

Affected Version(s)

Glacies IceHRM" Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a)

References

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

CVSS V3.0

Score:
6.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.