Description
The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data.
No analysis available yet.
Remediation
Vendor Solution
Update HCM 7 to version 7.5.3 or later. Update HCM 8 to version 8.1.7.1 or later.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 15 Jul 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data. | |
| Title | MetaGuru|HCM - SQL Injection | |
| First Time appeared |
Metaguru
Metaguru hcm |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:metaguru:hcm:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Metaguru
Metaguru hcm |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: twcert
Published:
Updated: 2026-07-15T07:31:32.752Z
Reserved: 2026-07-15T07:14:34.932Z
Link: CVE-2026-15804
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')