【Vulnerability Alert】aEnrich a+HRD - SQL Injection
publish date :
2025-02-04
update date :
2025-02-04
Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025012310012929 | Publication Time | 2025/01/23 10:11 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/01/23 10:11 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】aEnrich a+HRD - SQL Injection |
|||
| [Content] Forwarded from TWCERTCC-200-202501-00000003 [aEnrich a+HRD - SQL Injection] (TVN-202501006, CVE-2025-0585, CVSS: 9.8) A SQL Injection vulnerability exists in aEnrich a+HRD, allowing unauthenticated remote attackers to inject arbitrary SQL commands into specific parameters, potentially leading to unauthorized data access, modification, and deletion within the database. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] a+HRD versions 7.5 and below |
|||
| [Recommended Actions] Please refer to the security announcement on the aEnrich official website and upgrade to version 6.8 or later, ensuring that the latest patches are applied. Alternatively, contact aEnrich customer support for assistance. |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-132-8372-19721-1.html |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center
