An issue exists in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jorani project jorani 0.6.5 |