4 matches found
Horilla 1.3 Remote Command Execution
Horilla versions 1.3 and below suffer from a remote command execution vulnerability.
Exploit Title: Horilla v1.3 - RCE
Date: 2025-05-29
Exploit Author: Raghad Abdallah Al-syouf
Version: = 1.3
Tested on: Ubuntu / Docker
CVE: CVE-2025-48868
Description: This script exploits the authenticated RCE...
CVE-2025-48868
creationtimestamp | type | source
---|---|---
2026-04-08 14:31:07+00:00 | seen | https://bsky.app/profile/exploitdb-bot.bsky.social/post/3miyj22ysj62l
2026-04-09 21:02:46+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mj3pezinnu2a
2026-06-08 14:13:51+00:00 | seen | ...
Horilla v1.3 - RCE
Exploit Title: Horilla v1.3 - RCE
Date: 2025-05-29
Exploit Author: Raghad Abdallah Al-syouf
Version: = 1.3
Tested on: Ubuntu / Docker
CVE: CVE-2025-48868
Description: This script exploits the authenticated RCE vulnerability CVE-2025-48868. It logs into the target web app, creates a project, and...
CVE-2025-48868
Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python's eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...