Description
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.
Exploits (1)
References (3)
Core 3
Core References
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/04/17/1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/92538
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83628
Scores
EPSS
0.0047
EPSS Percentile
64.6%
Details
CWE
CWE-89
Status
published
Products (2)
simplehrm/simplehrm
2.3
simplehrm/simplehrm
< 2.2
Published
Mar 01, 2014
Tracked Since
Feb 18, 2026