2 matches found
CVE-2022-27108
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...
CVE-2022-27108
CVE-2022-27108 relates to OrangeHRM 4.10 and is due to an Insecure Direct Object Reference (IDOR) in the endpoint symfony/web/index.php/time/createTimesheet. The vulnerability allows any user to create a timesheet in another user’s account. Connected documents corroborate the same description acr...