CVE-2020-29437 - CERT CVE
ID CVE-2020-29437
Sažetak SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint.
Reference
CVSS
Base: 5.5
Impact: 4.9
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL NONE PARTIAL
CVSS vektor AV:N/AC:L/Au:S/C:P/I:N/A:P
Zadnje važnije ažuriranje 07-01-2021 - 17:39
Objavljeno 05-01-2021 - 21:15