Date of Posting: 2026/07/17
【Vulnerability Alert】BPMero|HCM - SQL Injection
Description:
Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Advisory TWCERTCC-200-202607-00000010
【BPMero|HCM - SQL Injection 】(CVE-2026-15804, CVSS: 8.8) An SQL Injection vulnerability exists in HCM developed by BPMero. An authenticated remote attacker can inject SQL commands through specific parameters, affecting the confidentiality, integrity, and availability of database data.
Affected Platforms:
Recommended Actions:
References:
-
Computer and Communication Center
Network System Division