CVE-2011-5258
- EPSS 6.5%
- Veröffentlicht 12.02.2013 20:55:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/central...
- EPSS 1.19%
- Veröffentlicht 03.12.2012 21:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/inde...
- EPSS 0.32%
- Veröffentlicht 24.09.2011 00:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/orange/menu/Menu.php and certain other files.
CVE-2010-4798
- EPSS 1.11%
- Veröffentlicht 27.04.2011 00:55:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter.
- EPSS 0.38%
- Veröffentlicht 10.11.2007 11:46:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this informati...
CVE-2007-1193
- EPSS 0.39%
- Veröffentlicht 02.03.2007 21:18:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple unspecified vulnerabilities in the Login page in OrangeHRM before 20070212 have unknown impact and attack vectors.