๐Ÿ” CVE Alert

CVE-2026-15478

MEDIUM 6.3

IceHRM UserReport Endpoint EmployeeAttendanceReport.php sql injection

CVSS Score
6.3
EPSS Score
0.2%
EPSS Percentile
9th

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE CWE-89 CWE-74
Vendor n/a
Product icehrm
Published Jul 12, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for n/a icehrm

Be the first to know when new medium vulnerabilities affecting n/a icehrm are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

n/a / IceHRM
35.0.0 35.0.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/377783 vuldb.com: https://vuldb.com/vuln/377783/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15478 vuldb.com: https://vuldb.com/submit/836330 github.com: https://github.com/gamonoid/icehrm/issues/376

Credits

๐Ÿ” geochen (VulDB User) VulDB CNA Team