Lucene search

PRIOn knowledge basePRION:CVE-2012-1506

HistorySep 17, 2014 - 2:55 p.m.

Sql injection

2014-09-1714:55:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

48.7%

JSON

SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
orangehrmeq2.6.6
orangehrmeq2.6.11.2
orangehrmeq2.6.8
orangehrmeq2.6.5
orangehrmeq2.6.4
orangehrmeq2.6.7
orangehrmeq2.6.8.1
orangehrmle2.6.12.1
orangehrmeq2.6.11
orangehrmeq2.6.1

Name	Operator	Version
orangehrm	eq	2.6.6
orangehrm	eq	2.6.11.2
orangehrm	eq	2.6.8
orangehrm	eq	2.6.5
orangehrm	eq	2.6.4
orangehrm	eq	2.6.7
orangehrm	eq	2.6.8.1
orangehrm	le	2.6.12.1
orangehrm	eq	2.6.11
orangehrm	eq	2.6.1

Rows per page:

1-10 of 191

References

blog.orangehrm.com/2012/04/24/orangehrm-27-stable-release-with-complete-localization/

osvdb.org/81743

secunia.com/advisories/49072

www.securityfocus.com/bid/53433

exchange.xforce.ibmcloud.com/vulnerabilities/75472

www.htbridge.com/advisory/HTB23080

8.5 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

48.7%

JSON

Related for PRION:CVE-2012-1506