LOW
IceHRM
CVE published 2026-07-12
CVE-2026-15478
A SQL injection vulnerability was found in IceHRM up to 35.0.1. The vulnerability affects an unknown function in the EmployeeAttendanceReport.php file of the UserReport Endpoint. The attack can be launched remotely by manipulating the employeeList argument. This could potentially lead to unauthorized access to sensitive data. Administrators and users should be aware of this vulnerability and take necessar [truncated]