RSS   Vulnerabilities for 'Hr portal'   RSS

2021-02-17
 
CVE-2021-22855

CWE-502
 

 
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.

 
 
CVE-2021-22854

CWE-89
 

 
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

 
 
CVE-2021-22853

CWE-269
 

 

 


Copyright 2021, cxsecurity.com

 

Back to Top