A SQL Injection vulnerability exists in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.
hrsale project hrsale 1.0.2