CVE-2013-2498

Name of the Vulnerable Software and Affected Versions SimpleHRM versions 2.3, 2.2, and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands via the username parameter to "index.php/user/setLogin". This is a SQL injection vulnerability in the login page, specifically in the file flexycms/modules/user/user manager.php.

Recommendations For SimpleHRM versions 2.3, 2.2, and earlier, consider disabling the login functionality until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the username parameter in the affected API endpoint until the issue is resolved.