SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM prior to 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
orangehrm orangehrm 2.6.11.2 |
||
orangehrm orangehrm 2.6.11.3 |
||
orangehrm orangehrm 2.6.6 |
||
orangehrm orangehrm 2.6.10 |
||
orangehrm orangehrm 2.6.11 |
||
orangehrm orangehrm 2.6.4 |
||
orangehrm orangehrm 2.6.5 |
||
orangehrm orangehrm 2.6.0.1 |
||
orangehrm orangehrm 2.6.1 |
||
orangehrm orangehrm 2.6.2 |
||
orangehrm orangehrm 2.6.3 |
||
orangehrm orangehrm 2.6.9 |
||
orangehrm orangehrm 2.6.7 |
||
orangehrm orangehrm 2.6 |
||
orangehrm orangehrm 2.6.0 |
||
orangehrm orangehrm 2.6.12 |
||
orangehrm orangehrm |
||
orangehrm orangehrm 2.6.8 |
||
orangehrm orangehrm 2.6.8.1 |