AI Score
Confidence
High
EPSS
Percentile
47.8%
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
ctrsec.io/index.php/2019/06/11/ace-orangehrm/
github.com/orangehrm/orangehrm/pull/528