4 matches found
CVE-2012-1506
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from...
CVE-2012-1506
OrangeHRM prior to 2.7 is affected by CVE-2012-1506: a SQL injection in the updateStatus function (lib/models/benefits/Hsp.php) triggered by the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. The vulnerability allows remote authenticated users to craft input that alters the SQL qu...
CVE-2012-1506
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from...
Multiple vulnerabilities in OrangeHRM
Advisory ID: HTB23080
Product: OrangeHRM
Vendor: OrangeHRM Inc.
Vulnerable Versions: 2.7 RC and probably prior
Tested Version: 2.7 RC
Vendor Notification: 7 March 2012
Vendor Patch: 24 April 2012
Public Disclosure: 9 May 2012
Vulnerability Type: SQL Injection, Cross-Site Scripting (XSS)
CVE...