2 matches found
CVE-2026-24035
Horilla is a free and open source Human Resource Management System HRMS. An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without prope...
CVE-2026-24035
Horilla HRMS (Horilla) has an Improper Access Control vulnerability affecting versions 1.4.0 up to but not including 1.5.0. The issue stems from insufficient server-side validation of the employee_id parameter during file uploads, allowing any authenticated employee to upload documents on behalf ...