Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/09/25 2:54 p.m.5 views

CVE-2025-48868

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

7.2CVSS8.8AI score0.02327EPSS
Exploits3References1
NVD
NVD
added 2025/09/24 2:15 p.m.7 views

CVE-2025-48868

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

7.2CVSS0.02327EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2025/09/24 1:51 p.m.2 views

CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

7.2CVSS8.5AI score0.02327EPSS
Exploits3References4
Cvelist
Cvelist
added 2025/09/24 1:51 p.m.9 views

CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

7.2CVSS0.02327EPSS
Exploits3References4
CVE
CVE
added 2025/09/24 1:51 p.m.26 views

CVE-2025-48868

Horilla 1.3.0 contains an authenticated RCE in the project_bulk_archive view due to unsafe use of Python eval on a user-controlled parameter. The underlying issue can allow privileged users to execute arbitrary commands on the server; DEBUG=True makes exploitation easier by returning command outp...

7.2CVSS8.5AI score0.02327EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder