Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
orangehrm orangehrm 2.6.0.1 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2010-4798
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the uri parameter.
Orangehrm Orangehrm 2.6.0.1
1 EDB exploit
4.3
CVSSv2
CVE-2011-5258
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM prior to 2.6.11.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
Orangehrm Orangehrm 2.6.7
Orangehrm Orangehrm 2.6.6
Orangehrm Orangehrm 2.6.0.1
Orangehrm Orangehrm
Orangehrm Orangehrm 2.6.5
Orangehrm Orangehrm 2.6.4
Orangehrm Orangehrm 2.6.8.1
Orangehrm Orangehrm 2.6.8
Orangehrm Orangehrm 2.6.1
Orangehrm Orangehrm 2.6.0
Orangehrm Orangehrm 2.6.10
Orangehrm Orangehrm 2.6.9
Orangehrm Orangehrm 2.6.3
Orangehrm Orangehrm 2.6.2
2 EDB exploits
6.8
CVSSv2
CVE-2011-5259
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM prior to 2.6.11.2 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Orangehrm Orangehrm 2.6.5
Orangehrm Orangehrm 2.6.4
Orangehrm Orangehrm 2.6.10
Orangehrm Orangehrm 2.6.3
Orangehrm Orangehrm 2.6.2
Orangehrm Orangehrm 2.6.8
Orangehrm Orangehrm 2.6.7
Orangehrm Orangehrm 2.6.6
Orangehrm Orangehrm 2.6.0.1
Orangehrm Orangehrm
Orangehrm Orangehrm 2.6.9
Orangehrm Orangehrm 2.6.8.1
Orangehrm Orangehrm 2.6.1
Orangehrm Orangehrm 2.6.0
1 EDB exploit
6.5
CVSSv2
CVE-2012-1506
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM prior to 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details...
Orangehrm Orangehrm 2.6.11.2
Orangehrm Orangehrm 2.6.11.3
Orangehrm Orangehrm 2.6.6
Orangehrm Orangehrm 2.6.10
Orangehrm Orangehrm 2.6.11
Orangehrm Orangehrm 2.6.4
Orangehrm Orangehrm 2.6.5
Orangehrm Orangehrm 2.6.0.1
Orangehrm Orangehrm 2.6.1
Orangehrm Orangehrm 2.6.2
Orangehrm Orangehrm 2.6.3
Orangehrm Orangehrm 2.6.9
Orangehrm Orangehrm 2.6.7
Orangehrm Orangehrm 2.6
Orangehrm Orangehrm 2.6.0
Orangehrm Orangehrm 2.6.12
Orangehrm Orangehrm
Orangehrm Orangehrm 2.6.8
Orangehrm Orangehrm 2.6.8.1
1 EDB exploit
4.3
CVSSv2
CVE-2012-1507
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM prior to 2.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, o...
Orangehrm Orangehrm 2.6.0
Orangehrm Orangehrm 2.6.0.1
Orangehrm Orangehrm
Orangehrm Orangehrm 2.6.2
Orangehrm Orangehrm 2.6.9
Orangehrm Orangehrm 2.6
Orangehrm Orangehrm 2.6.11.3
Orangehrm Orangehrm 2.6.12
Orangehrm Orangehrm 2.6.7
Orangehrm Orangehrm 2.6.8
Orangehrm Orangehrm 2.6.8.1
Orangehrm Orangehrm 2.6.11
Orangehrm Orangehrm 2.6.11.2
Orangehrm Orangehrm 2.6.5
Orangehrm Orangehrm 2.6.6
Orangehrm Orangehrm 2.6.1
Orangehrm Orangehrm 2.6.10
Orangehrm Orangehrm 2.6.3
Orangehrm Orangehrm 2.6.4
3 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started