CVE-2021-22854 HIGH

CVE-2021-22854: Soar Cloud System Co., Ltd. HR Portal - SQL Injection

Vendor Soar Cloud System Co., Ltd.

Product HR Portal

Weakness CWE-89 · SQLi

Published February 17, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

Key dates

02Disclosure timeline

February 17, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-22854 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2024-7841 SourceCodester Clinics Patient Management System check_user_name.php sql injection CVE-2021-24142 301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection CVE-2024-0461 code-projects Online Faculty Clearance HTTP POST Request deactivate.php sql injection CVE-2025-2678 PHPGurukul Bank Locker Management System changeimage1.php sql injection CVE-2024-3251 SourceCodester Computer Laboratory Management System sql injection