orangehrm orangehrm vulnerabilities and exploits
CVE-2007-1193 (VMScore 828)
Multiple unspecified vulnerabilities in the Login page in OrangeHRM prior to 20070212 have unknown impact and attack vectors.
Affected: OrangeHRM 2.1

CVE-2011-5259 (VMScore 685)
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM prior to 2.6.11.2 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Affected: OrangeHRM 2.6.0, 2.6.0.1, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.8.1, 2.6.9, 2.6.10, and an unversioned OrangeHRM entry
1 EDB exploit

CVE-2010-4798 (VMScore 685)
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the uri parameter.
Affected: OrangeHRM 2.6.0.1
1 EDB exploit

CVE-2012-1506 (VMScore 655)
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM prior to 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details...
Affected: OrangeHRM 2.6, 2.6.0, 2.6.0.1, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.8.1, 2.6.9, 2.6.10, 2.6.11, 2.6.11.2, 2.6.11.3, 2.6.12, and an unversioned OrangeHRM entry
1 EDB exploit

CVE-2012-5367 (VMScore 605)
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated ...
Affected: OrangeHRM 2.7.1
1 EDB exploit

CVE-2019-12839 (VMScore 578)
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated malicious users to achieve arbitrary command execution.
Affected: OrangeHRM (no version listed)

CVE-2020-29437 (VMScore 490)
SQL injection in the Buzz module of OrangeHRM up to and including 4.6 allows remote authenticated malicious users to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint.
Affected: OrangeHRM (no version listed)

CVE-2021-28399 (VMScore 445)
OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function.
Affected: OrangeHRM 4.7

CVE-2012-1507 (VMScore 445)
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM prior to 2.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, o...
Affected: OrangeHRM 2.6, 2.6.0, 2.6.0.1, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.8.1, 2.6.9, 2.6.10, 2.6.11, 2.6.11.2, 2.6.11.3, 2.6.12, and an unversioned OrangeHRM entry
3 EDB exploits

CVE-2011-3766 (VMScore 445)
OrangeHRM 2.6.0.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/orange/menu/Menu.php and certain other files.
Affected: OrangeHRM 2.6.0.2