7 matches found
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...
PT-2026-7867
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter. Root cause: unsanitized input leading to SQLi. Impact: high confidentiality, integrity, and availability impact per CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:...
OrangeHRM 3.1.1 Cross Site Scripting
============================================================== Title ...| XSS vulnerability in OrangeHRM Version .| OrangeHRM 3.1.1 Date ....| 28.02.2014 Found ...| HauntIT Blog Home ....| http://www.orangehrm.com ============================================================== + from admin user:...