The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data.
Update HCM 7 to version 7.5.3 or later.
Update HCM 8 to version 8.1.7.1 or later.