CVE-2025-51506 Information

Description

In the smartLibrary component of HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries by sending crafted valueKey payloads to the api/smartlibrary/v2/en/dictionaries/options/lookup endpoint.

Reference

https://github.com/MVRC-ITSEC/CVEs/blob/main/CVE-2025-51506
https://hrforecast.com/
https://hrforecast.com/smartlibrary-job-architecture/

CNNVD-202508-2181 (Published: 2025-08-19)
