Vulnerabilities (CVE)

Filtered by vendor Hr Portal Project Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22855 1 Hr Portal Project 1 Hr Portal 2024-11-21 7.5 HIGH 9.8 CRITICAL
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.
CVE-2021-22854 1 Hr Portal Project 1 Hr Portal 2024-11-21 5.0 MEDIUM 7.5 HIGH
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.
CVE-2021-22853 1 Hr Portal Project 1 Hr Portal 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.