OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
orangehrm orangehrm 4.10 |