SQL Injection Vulnerability in HRSALE The Ultimate HRM v1.0.2 Allows Unauthorized SQL Query Modification

SQL Injection Vulnerability in HRSALE The Ultimate HRM v1.0.2 Allows Unauthorized SQL Query Modification

CVE-2018-10256 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.