Glacies’ IceHRM software contains a SQL injection vulnerability. An attacker could trigger it by sending the software a specially crafted HTTP request. This could allow the attacker to access information such as usernames and password hashes stored in the software’s database. Cisco Talos worked with Glacies to ensure that these issues are resolved and that an update is available for affected customers. The following SNORT rules will detect exploitation attempts.
Source: https://blog.talosintelligence.com/2020/07/vuln-spotlight-icehrm-sql-injection-july-2020.html

