5 matches found
CVE-2025-48868
Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...
CVE-2025-48868
Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...
CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive
Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...
CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive
Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...
CVE-2025-48868
Horilla 1.3.0 contains an authenticated RCE in the project_bulk_archive view due to unsafe use of Python eval on a user-controlled parameter. The underlying issue can allow privileged users to execute arbitrary commands on the server; DEBUG=True makes exploitation easier by returning command outp...