SimpleHRM 2.3 and previous versions could allow remote malicious users to bypass the authentication process in 'user_manager.php' via spoofing a cookie.
simplehrm simplehrm