Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025012310012929 | Publication Time | 2025/01/23 10:11 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/01/23 10:11 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】aEnrich a+HRD - SQL Injection |
|||
| [Content] Forwarded from TWCERTCC-200-202501-00000003 [aEnrich a+HRD - SQL Injection] (TVN-202501006, CVE-2025-0585, CVSS: 9.8) A SQL Injection vulnerability exists in aEnrich a+HRD, allowing unauthenticated remote attackers to inject arbitrary SQL commands into specific parameters, potentially leading to unauthorized data access, modification, and deletion within the database. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] a+HRD versions 7.5 and below |
|||
| [Recommended Actions] Please refer to the security announcement on the aEnrich official website and upgrade to version 6.8 or later, ensuring that the latest patches are applied. Alternatively, contact aEnrich customer support for assistance. |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-132-8372-19721-1.html |
|||