14 matches found
CVE-2026-6834 aEnrich|a+HRD - Missing Authorization
The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...
aEnrich a+HRD 安全漏洞
aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. A security vulnerability exists in aEnrich a+HRD that stems from authentication abuse and could allow an unauthenticated remote attacker to send specially crafted packets to obtain administrator access...
PT-2025-46573
Name of the Vulnerable Software and Affected Versions aEnrich a+HRD affected versions not specified Description The a+HRD software contains an authentication issue that allows unauthenticated remote attackers to create administrator access tokens. These tokens can then be used to gain access to t...
aEnrich a+HRD 代码问题漏洞
aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. A code issue vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which stems from the presence of an insecure deserialization vulnerability that allows attackers to execute arbitrary code...
aEnrich a+HRD SQL注入漏洞
aEnrich a+HRD is an all-in-one human resource development solution from Acer China aEnrich. A SQL injection vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which originates from allowing an attacker to inject arbitrary SQL commands to read, modify, and delete database content...
aEnrich a+HRD 参数注入漏洞
aEnrich a+HRD is an all-around human resource development solution from Acer China aEnrich. A parameter injection vulnerability exists in aEnrich a+HRD version 6.8, 7.0, 7.1, 7.2. The vulnerability stems from the file download function of youtube-dl.exe not properly restricting the user input,...
aEnrich a+HRD 信息泄露漏洞
aEnrich a+HRD is an all-in-one human resource development solution from Acer China aEnrich. An information disclosure vulnerability exists in aEnrich a+HRD version 6.8, 7.0, 7.1, 7.2. The vulnerability stems from the lack of restriction on specific parameters, which leads to an information...
aEnrich a+HRD 代码问题漏洞
aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. A code issue vulnerability exists in aEnrich Technology a+HRD, which stems from a deserialization vulnerability in the presence of untrusted data. An unauthenticated, remote attacker could use this...
CVE-2022-39040 aEnrich a+HRD - Path Traversal
aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2022-39039 aEnrich a+HRD - Server-Side Request Forgery (SSRF)
aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTPs request to launch Server-Side Request Forgery SSRF attack, to perform arbitrary system command or disrupt service...
CVE-2022-39040 aEnrich a+HRD - Path Traversal
aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
PT-2023-13674 · Unknown · Aenrich A+Hrd
Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD affected versions not specified Description: The issue is related to insufficient user input validation for a specific API parameter, allowing an unauthenticated remote attacker to inject arbitrary SQL commands. This can lead to...
CVE-2022-26676
aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...
aEnrich a+HRD 安全漏洞
aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. The aEnrich a+HRD has a security vulnerability that allows an unauthenticated, remote attacker to control the system or disrupt services by uploading and executing malicious scripts using API functions...