CNNVD-202509-1571 Information
CNNVD ID
CNNVD-202509-1571
Related CVE
-
CNNVD Published: 2025-09-10
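Description (translated from Chinese)
HJSoft HCM Human Resources Management System is human resources management software from HJSoft (宏景), an individual developer in China. HJSoft HCM Human Resources Management System 20250822 and earlier versions contain a SQL injection vulnerability. It stems from improper handling of the ID parameter in the file /templates/attestation/../../selfservice/lawresource/downlawbase and may lead to SQL injection attacks.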
Description (English)
HJSoft HCM Human Resources Management System is a human resources management product from HJSoft, an individual developer. HJSoft HCM Human Resources Management System 20250822 and previous versions have a SQL injection vulnerability, which arises from mishandling of the id parameter of the file /templates/attestation/../../selfservice/lawresource/downlawbase and could lead to a SQL injection attack.
Hazard Level
High
Vulnerability Type
SQL injection
Affected Vendor
宏景 (HJSoft)
Published
2025-09-10
Last Modified
2026-02-24
References
https://github.com/eeeeeekkkkkkkk/POC/blob/main/%E5%AE%8F%E6%99%AFHCM%20%E4%BA%BA%E5%8A%9B%E8%B5%84%E6%BA%90%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9Fdownlawbase%E6%8E%A5%E5%8F%A3%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
https://vuldb.com/?ctiid.323236
https://vuldb.com/?id.323236
https://vuldb.com/?submit.639745