Description
The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
Vendor Solution
Update HCM 7 to version 7.5.3 or later. Update HCM 8 to version 8.1.7.1 or later.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 15 Jul 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data. | |
| Title | MetaGuru|HCM - SQL Injection | |
| First Time appeared |
Metaguru
Metaguru hcm |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:metaguru:hcm:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Metaguru
Metaguru hcm |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: twcert
Published:
Updated: 2026-07-15T07:31:32.752Z
Reserved: 2026-07-15T07:14:34.932Z
Link: CVE-2026-15804
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses