OrangeHRM REDIRECT Function Remote Security Bypass Vulnerability
BID:26351
Info
OrangeHRM REDIRECT Function Remote Security Bypass Vulnerability
| Bugtraq ID: | 26351 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-5931 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 30 2007 12:00AM |
| Updated: | Nov 20 2007 07:14PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
OrangeHRM OrangeHRM 2.2.1 OrangeHRM OrangeHRM 2.2 OrangeHRM OrangeHRM 2.1 |
| Not Vulnerable: |
OrangeHRM OrangeHRM 2.2.2 |
Discussion
Exploit / POC
OrangeHRM REDIRECT Function Remote Security Bypass Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
OrangeHRM REDIRECT Function Remote Security Bypass Vulnerability
Solution:
The vendor has released OrangeHRM 2.2.2 to address this issue. Please see the references for more information.
OrangeHRM OrangeHRM 2.2
OrangeHRM OrangeHRM 2.1
OrangeHRM OrangeHRM 2.2.1
Solution:
The vendor has released OrangeHRM 2.2.2 to address this issue. Please see the references for more information.
OrangeHRM OrangeHRM 2.2
-
OrangeHRM OrangeHRM 2.2.2
http://downloads.sourceforge.net/orangehrm/orangehrm-2.2.2.tar.gz?modt ime=1193928235&big_mirror=0
OrangeHRM OrangeHRM 2.1
-
OrangeHRM OrangeHRM 2.2.2
http://downloads.sourceforge.net/orangehrm/orangehrm-2.2.2.tar.gz?modt ime=1193928235&big_mirror=0
OrangeHRM OrangeHRM 2.2.1
-
OrangeHRM OrangeHRM 2.2.2
http://downloads.sourceforge.net/orangehrm/orangehrm-2.2.2.tar.gz?modt ime=1193928235&big_mirror=0
References
OrangeHRM REDIRECT Function Remote Security Bypass Vulnerability
References:
References:
- OrangeHRM 2.2.2 Change Log (OrangeHRM)
- OrangeHRM Homepage (OrangeHRM)