PT-2025-37002 · Hjsoft · Hjsoft Hcm Human Resources Management System
Mhkd · Published 2025-09-10 · Updated 2025-09-10 · CVE-2025-10197
CVSS v2.0: 6.5 (Medium)
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
HJSoft HCM Human Resources Management System versions prior to 20250823
Description:
A SQL injection issue exists in HJSoft HCM Human Resources Management System. The vulnerability is located in an unknown functionality of the file /templates/attestation/../../selfservice/lawresource/downlawbase. Manipulation of the ID argument can lead to SQL injection. Remote exploitation is possible. The details of the exploit have been publicly disclosed.
Recommendations:
For versions prior to 20250823, sanitize or validate the ID argument to prevent SQL injection.
Exploit
Fix
Special Elements Injection
SQL injection
Affected Products
Hjsoft Hcm Human Resources Management System