PT-2021-11664 · Orangehrm · Orangehrm
Nvn1729 · Published 2021-01-05 · Updated 2021-01-07
CVE-2020-29437
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
OrangeHRM versions through 4.6
Description:
The issue allows remote authenticated attackers to execute arbitrary SQL commands via the loadMorePostsForm[profileUserId] parameter of the "buzz/loadMoreProfile" endpoint. The root cause is a SQL injection in the Buzz module of OrangeHRM.
Recommendations:
For versions through 4.6, consider disabling the loadMorePostsForm[profileUserId] parameter of the "buzz/loadMoreProfile" endpoint as a temporary workaround until a patch is available. Restrict access to the Buzz module to minimize the risk of exploitation. Avoid using the loadMorePostsForm[profileUserId] parameter in the affected endpoint until the issue is resolved.
Exploit
Fix
SQL injection
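As an added example (not part of this advisory and not OrangeHRM's own code), the script below shows how a defender can check web-server access logs for requests to the affected endpoint whose loadMorePostsForm[profileUserId] value is not a plain integer, which supports the recommendation to restrict the Buzz module and watch the parameter until a patch is applied. It assumes the parameter is expected to carry a numeric OrangeHRM user id, matches the endpoint by the path suffix "buzz/loadMoreProfile", and uses constructed sample log lines in Combined/Common Log Format with the parameter in the query string; if OrangeHRM sends the parameter in a POST body, the same check has to run on whatever captures request bodies (a WAF or reverse-proxy log), since ordinary access logs do not record them.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (not taken from the advisory).
# The URL prefix "/symfony/web/index.php" is assumed for illustration only.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Jan/2021:10:00:01 +0000] "POST /symfony/web/index.php/buzz/loadMoreProfile?loadMorePostsForm%5BprofileUserId%5D=42 HTTP/1.1" 200 1532
10.0.0.7 - - [05/Jan/2021:10:00:03 +0000] "POST /symfony/web/index.php/buzz/loadMoreProfile?loadMorePostsForm%5BprofileUserId%5D=42%27 HTTP/1.1" 500 412
10.0.0.9 - - [05/Jan/2021:10:00:05 +0000] "GET /symfony/web/index.php/pim/viewEmployeeList HTTP/1.1" 200 9870
"""

# Common Log Format: client, identity, user, [timestamp], "request line", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

ENDPOINT = "buzz/loadMoreProfile"              # endpoint named in the advisory
PARAM = "loadMorePostsForm[profileUserId]"     # parameter named in the advisory
NUMERIC = re.compile(r"\d+")                   # assumption: the id is a plain integer


def parse_line(line):
    """Split one access-log line into its fields; return None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    url = urlparse(entry["target"])
    entry["path"] = url.path
    # parse_qs percent-decodes both keys and values, so the bracketed key is restored.
    entry["params"] = parse_qs(url.query, keep_blank_values=True)
    return entry


def is_suspicious(entry):
    """True when the request hits the affected endpoint with a non-integer profileUserId."""
    if not entry["path"].rstrip("/").endswith(ENDPOINT):
        return False
    values = entry["params"].get(PARAM, [])
    return any(NUMERIC.fullmatch(v) is None for v in values)


def find_suspicious(log_text):
    """Return (client ip, offending value, status) for every suspicious line."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and is_suspicious(entry):
            hits.append((entry["ip"], entry["params"][PARAM][0], entry["status"]))
    return hits


if __name__ == "__main__":
    for ip, value, status in find_suspicious(SAMPLE_LOG):
        print(f"{ip} sent non-numeric {PARAM}={value!r} to {ENDPOINT} (HTTP {status})")
```

Run against the constructed sample, only the second line is reported: the value contains a quote character after decoding, and the server answered 500, which is a useful secondary signal that the injected string reached the database layer. A legitimate request with an integer id is left alone, as is traffic to other endpoints. The check is a stop-gap for monitoring; the actual fix remains applying the vendor patch once available.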
Affected Products: Orangehrm