CVE-2006-6524

EzHRS HR Assist <1.05 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the Uname (UserName) parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ajann · textwebappsasp
https://www.exploit-db.com/exploits/2909

References (4)

Scores

EPSS 0.0106
EPSS Percentile 77.4%

Classification

Status draft

Affected Products (1)

ezhrs/hr_assist < 1.05

Timeline

Published Dec 14, 2006
Tracked Since Feb 18, 2026