SQL Injection Vulnerability in MetaGuru's HCM Product
CVE-2026-15804
8.7HIGH
What is CVE-2026-15804?
The HCM product developed by MetaGuru is exposed to a SQL Injection vulnerability that allows authenticated remote attackers to execute malicious SQL commands through specific parameters. This severe flaw can lead to unauthorized access, manipulation of database records, and potential breaches of sensitive information, placing the confidentiality, integrity, and availability of the database at serious risk.
Affected Version(s)
HCM 7 < 7.5.3
HCM 8 < 8.1.7.1
