CVE-2021-22854 HIGH

CVE-2021-22854: Soar Cloud System Co., Ltd. HR Portal - SQL Injection

Vendor Soar Cloud System Co., Ltd.
Product HR Portal
Weakness CWE-89 · SQLi
Published February 17, 2021
Last update September 16, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

Key dates

02Disclosure timeline

February 17, 2021 CVE published
September 16, 2024 Record updated