CVE-2025-10197 | HJSoft HCM Human Resources Management System up to 20250822 downlawbase ID sql injection

A vulnerability has been found in HJSoft HCM Human Resources Management System up to 20250822 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /templates/attestation/../../selfservice/lawresource/downlawbase. Performing manipulation of the argument ID results in sql injection.

This vulnerability is known as CVE-2025-10197. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10197 | HJSoft HCM Human Resources Management System up to 20250822 downlawbase ID sql injection

Post correlati

CVE-2025-27023 | Infinera G42 up to 7.0 WebGUI CLI Web information disclosure

CVE-2022-45845 | Nextend Smart Slider 3 Plugin up to 3.5.1.9 on WordPress deserialization

CVE-2024-6189 | Tenda A301 15.13.08.12 /goform/WifiExtraSet fromSetWirelessRepeat wpapsk_crypto stack-based overflow

CVE-2025-7209 | 9fans plan9port up to 9da5b44 src/libsec/port/x509.c value_decode null pointer dereference (Issue 711)