SQL Injection Vulnerability in Glacies IceHRM v26.6.0.OS Admin Reports Functionality


CVE-2020-6114 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
