In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated malicious users to achieve arbitrary command execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
orangehrm orangehrm |