OrangeHRM version 2.7 RC and probably prior suffers from SQL injection and cross-site scripting (XSS) vulnerabilities:
1. SQL Injection: Input passed via the "hspSummaryId" GET parameter to the "plugins/ajaxCalls/haltResumeHsp.php" script is not properly sanitised before being used in an SQL "UPDATE" query.
2. Cross-Site Scripting (XSS): Input passed via the "newHspStatus" GET parameter to "plugins/ajaxCalls/haltResumeHsp.php", the "sortOrder" GET parameter to "templates/hrfunct/emppop.php" and the "uri" GET parameter to "index.php" is not properly sanitised before being returned to the user.
Vulnerability ID: HTB23080
Vendor Notification / Patch / Public Disclosure Dates: 7 March / 24 April / 9 May 2012
Vulnerabilities Type: SQL injection, Cross-site scripting (XSS)
Risk level: High
Solution Status: Fixed by Vendor, upgrade to OrangeHRM 2.7 Stable Release.
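For instances that cannot be upgraded immediately, a retrospective check of web-server access logs for the four parameters named above is a reasonable next step. The following is an added example (not part of the advisory or of OrangeHRM) that scans Apache combined-format log lines: "hspSummaryId" feeds an SQL UPDATE, so it is flagged unless it is a plain integer, while the three reflected parameters are flagged when their decoded value contains HTML metacharacters. The log lines are constructed, and the application is assumed to be mounted under "/orangehrm/".

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoints and parameters named in advisory HTB23080, with the check each needs.
# "int": value must be a plain integer (it is used in an SQL UPDATE).
# "html": value is reflected into HTML, so HTML/JS metacharacters are the signal.
RULES = {
    "plugins/ajaxCalls/haltResumeHsp.php": {"hspSummaryId": "int", "newHspStatus": "html"},
    "templates/hrfunct/emppop.php": {"sortOrder": "html"},
    "index.php": {"uri": "html"},
}
HTML_META = re.compile(r'[<>"\'`]')
REQ_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_value(kind, value):
    if kind == "int":
        return not value.isdigit()
    # parse_qs already decoded once; decode again to catch double-encoded values.
    return HTML_META.search(unquote(value)) is not None

def check_request(target):
    """Return (script, param) pairs in one request target that look abusive."""
    parts = urlsplit(target)
    hits = []
    for script, params in RULES.items():
        if not parts.path.endswith("/" + script):   # mount prefix may vary
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        for name, kind in params.items():
            for value in query.get(name, []):
                if suspicious_value(kind, value):
                    hits.append((script, name))
    return hits

def scan_log(lines):
    """Yield (client_ip, script, param) for each flagged request in combined-format lines."""
    for line in lines:
        m = REQ_LINE.search(line)
        if not m:
            continue
        for script, param in check_request(m.group("target")):
            yield line.split(" ", 1)[0], script, param

# Constructed sample lines (not real traffic): one benign request, then one per advisory item.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/May/2012:10:00:00 +0000] "GET /orangehrm/plugins/ajaxCalls/haltResumeHsp.php?hspSummaryId=42&newHspStatus=1 HTTP/1.1" 200 15',
    '10.0.0.9 - - [09/May/2012:10:00:01 +0000] "GET /orangehrm/plugins/ajaxCalls/haltResumeHsp.php?hspSummaryId=42%27&newHspStatus=1 HTTP/1.1" 200 15',
    '10.0.0.9 - - [09/May/2012:10:00:02 +0000] "GET /orangehrm/templates/hrfunct/emppop.php?sortOrder=%3Cb%3Easc HTTP/1.1" 200 812',
    '10.0.0.9 - - [09/May/2012:10:00:03 +0000] "GET /orangehrm/index.php?uri=%22x HTTP/1.1" 200 3300',
]

if __name__ == "__main__":
    for ip, script, param in scan_log(SAMPLE_LOG):
        print(f"{ip} -> {script} [{param}]")
```

A hit only means the parameter carried a value the fixed code would reject; confirm against the response size and any database changes before treating it as exploitation.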