CVE-2026-39346
OrangeHRM has Improper Access Control Allowing Access to Disabled Modules via URL Encoding
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fixed in 5.8.1.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
orangehrm · orangehrm¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →