CVE-2021-22854

HIGH

HR Portal - Unauthenticated SQL Injection

Title source: llm
STIX 2.1

Description

The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4404-3f498-1.html

Scores

CVSS v3 7.5
EPSS 0.0153
EPSS Percentile 71.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
hr_portal_project/hr_portal 7.3.2020.1013
Published Feb 17, 2021
Tracked Since Feb 18, 2026