2 matches found
CVE-2025-44040
An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via UserService.php and the checkForOldHash function. Authentication decisions may be made via PHP loose-equality comparisons if a specific MD5 value is present in the credential store. NOTE: this is disputed by the Supplier...
CVE-2025-44040
CVE-2025-44040 affects OrangeHRM v5.7. The vulnerability arises from UserService.php and the checkForOldHash function, where authentication decisions may rely on PHP loose-equality comparisons when a specific MD5 value is present in the credential store. This can enable privilege escalation. Sour...