SQL Injection Vulnerability in MetaGuru's HCM Product
CVE-2026-15804

8.7HIGH

Key Information:

Vendor

Metaguru

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-15804?

The HCM product developed by MetaGuru is exposed to a SQL Injection vulnerability that allows authenticated remote attackers to execute malicious SQL commands through specific parameters. This severe flaw can lead to unauthorized access, manipulation of database records, and potential breaches of sensitive information, placing the confidentiality, integrity, and availability of the database at serious risk.

Affected Version(s)

HCM 7 < 7.5.3

HCM 8 < 8.1.7.1

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.