by @jakaba
23 Mar 2024

Authenticated SQLi in OrangeHRM (CVE-2020-29437)


CVEs

Severity: 8.1 (High)

Apps

OrangeHRM
4.6.0.1.*
4.3.5.1.*
*.*
2.6.11.2.*
2.2.2.1.*
2.6.11.3.*
2.2.2.2.*
2.6.12.1.*
2.2.0.3.*
2.6.0.2.*


Summary

CVE-2020-29437, found during a routine security audit of OrangeHRM, is a critical flaw: any authenticated user, even one with minimal privileges, could exploit a SQL injection vulnerability in the "Buzz" module.
