Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/05/22 4:36 p.m.8 views

CVE-2020-29437

SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsFormprofileUserId parameter to the buzz/loadMoreProfile endpoint...

8.1CVSS8.4AI score0.02325EPSS
Exploits1
nvd
nvd
added 2021/01/05 9:15 p.m.11 views

CVE-2020-29437

SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsFormprofileUserId parameter to the buzz/loadMoreProfile endpoint...

8.1CVSS8.5AI score0.02325EPSS
Exploits1References4
osv
osv
added 2021/01/05 9:15 p.m.18 views

CVE-2020-29437

SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsFormprofileUserId parameter to the buzz/loadMoreProfile endpoint...

8.1CVSS8.6AI score
Exploits0References4
cvelist
cvelist
added 2021/01/05 8:30 p.m.19 views

CVE-2020-29437

SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsFormprofileUserId parameter to the buzz/loadMoreProfile endpoint...

8.5AI score0.02325EPSS
Exploits1References4
cve
cve
added 2021/01/05 8:30 p.m.46 views

CVE-2020-29437

CVE-2020-29437 describes an SQL injection in the Buzz module of OrangeHRM (up to version 4.6) that allows remote authenticated attackers to execute arbitrary SQL commands via the loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint. The underlying issue is unvalidated i...

8.1CVSS8.4AI score0.02325EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder