CVE-2025-55262

HCL Aftermarket DPC is affected by SQL Injection

CVSS 8.3 HIGH · EPSS 0.3% · CWE-798
In short

HCL Aftermarket DPC contains a SQL Injection flaw that lets attackers run unauthorized database commands to steal sensitive data. This happens when user input isn't properly filtered before being used in database queries.

Technical detail

SQL Injection vulnerability in HCL Aftermarket DPC allows unauthenticated or low-privileged attackers to inject malicious SQL statements into input parameters, bypassing input validation. This enables unauthorized database access, data extraction, and potential privilege escalation or system compromise depending on database permissions.

Summary generated and translated by AI from the official description.
HCL Aftermarket DPC is affected by SQL Injection, which allows an attacker to exploit this vulnerability to retrieve sensitive information from the database.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
Affected products
HCL · Aftermarket DPC
