Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
orangehrm orangehrm 2.6.0.1 vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2010-4798
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the uri parameter.
Orangehrm Orangehrm 2.6.0.1
1 EDB exploit
685
VMScore
CVE-2011-5259
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM prior to 2.6.11.2 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Orangehrm Orangehrm 2.6.5
Orangehrm Orangehrm 2.6.4
Orangehrm Orangehrm 2.6.10
Orangehrm Orangehrm 2.6.3
Orangehrm Orangehrm 2.6.2
Orangehrm Orangehrm 2.6.8
Orangehrm Orangehrm 2.6.7
Orangehrm Orangehrm 2.6.6
Orangehrm Orangehrm 2.6.0.1
Orangehrm Orangehrm
Orangehrm Orangehrm 2.6.9
Orangehrm Orangehrm 2.6.8.1
Orangehrm Orangehrm 2.6.1
Orangehrm Orangehrm 2.6.0
1 EDB exploit
440
VMScore
CVE-2011-5258
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM prior to 2.6.11.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
Orangehrm Orangehrm 2.6.7
Orangehrm Orangehrm 2.6.6
Orangehrm Orangehrm 2.6.0.1
Orangehrm Orangehrm
Orangehrm Orangehrm 2.6.5
Orangehrm Orangehrm 2.6.4
Orangehrm Orangehrm 2.6.8.1
Orangehrm Orangehrm 2.6.8
Orangehrm Orangehrm 2.6.1
Orangehrm Orangehrm 2.6.0
Orangehrm Orangehrm 2.6.10
Orangehrm Orangehrm 2.6.9
Orangehrm Orangehrm 2.6.3
Orangehrm Orangehrm 2.6.2
2 EDB exploits
445
VMScore
CVE-2012-1507
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM prior to 2.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, o...
Orangehrm Orangehrm 2.6.0
Orangehrm Orangehrm 2.6.0.1
Orangehrm Orangehrm
Orangehrm Orangehrm 2.6.2
Orangehrm Orangehrm 2.6.9
Orangehrm Orangehrm 2.6
Orangehrm Orangehrm 2.6.11.3
Orangehrm Orangehrm 2.6.12
Orangehrm Orangehrm 2.6.7
Orangehrm Orangehrm 2.6.8
Orangehrm Orangehrm 2.6.8.1
Orangehrm Orangehrm 2.6.11
Orangehrm Orangehrm 2.6.11.2
Orangehrm Orangehrm 2.6.5
Orangehrm Orangehrm 2.6.6
Orangehrm Orangehrm 2.6.1
Orangehrm Orangehrm 2.6.10
Orangehrm Orangehrm 2.6.3
Orangehrm Orangehrm 2.6.4
3 EDB exploits
655
VMScore
CVE-2012-1506
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM prior to 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details...
Orangehrm Orangehrm 2.6.11.2
Orangehrm Orangehrm 2.6.11.3
Orangehrm Orangehrm 2.6.6
Orangehrm Orangehrm 2.6.10
Orangehrm Orangehrm 2.6.11
Orangehrm Orangehrm 2.6.4
Orangehrm Orangehrm 2.6.5
Orangehrm Orangehrm 2.6.0.1
Orangehrm Orangehrm 2.6.1
Orangehrm Orangehrm 2.6.2
Orangehrm Orangehrm 2.6.3
Orangehrm Orangehrm 2.6.9
Orangehrm Orangehrm 2.6.7
Orangehrm Orangehrm 2.6
Orangehrm Orangehrm 2.6.0
Orangehrm Orangehrm 2.6.12
Orangehrm Orangehrm
Orangehrm Orangehrm 2.6.8
Orangehrm Orangehrm 2.6.8.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started