CVE-2024-36428 | OrangeHRM 3.3.3 admin/viewProjects sortOrder sql injection

Inserito da Angelo Barbosa | Mag 28, 2024 | CVE

A vulnerability, which was classified as critical, has been found in OrangeHRM 3.3.3. This issue affects some unknown processing of the file admin/viewProjects. The manipulation of the argument sortOrder leads to sql injection.

The identification of this vulnerability is CVE-2024-36428. The attack may be initiated remotely. There is no exploit available.

CVE-2024-36428 | OrangeHRM 3.3.3 admin/viewProjects sortOrder sql injection

Post correlati

CVE-2024-36450 | Webmin up to 1.900 sysinfo.cgi cross site scripting

CVE-2023-40236 | Pexip VMR Self-Service Portal up to 2 default key

CVE-2024-27337 | Kofax Power PDF TIFF File Parser stack-based overflow

CVE-2024-6373 | itsourcecode Online Food Ordering System up to 1.0 /addproduct.php photo unrestricted upload