The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data.

Project Subscriptions

Vendors Products
Metaguru Subscribe
Advisories

No advisories yet.

Fixes

Solution

Update HCM 7 to version 7.5.3 or later. Update HCM 8 to version 8.1.7.1 or later.


Workaround

No workaround given by the vendor.

History

Wed, 15 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 15 Jul 2026 07:45:00 +0000

Type Values Removed Values Added
Description The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data.
Title MetaGuru|HCM - SQL Injection
First Time appeared Metaguru
Metaguru hcm
Weaknesses CWE-89
CPEs cpe:2.3:a:metaguru:hcm:*:*:*:*:*:*:*:*
Vendors & Products Metaguru
Metaguru hcm
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-07-15T12:33:12.244Z

Reserved: 2026-07-15T07:14:34.932Z

Link: CVE-2026-15804

cve-icon Vulnrichment

Updated: 2026-07-15T12:33:06.983Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses