Unrated severity · NVD Advisory · Published Jan 5, 2021 · Updated Aug 4, 2024
CVE-2020-29437
Description
SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint.
Affected products
- OrangeHRM/OrangeHRM (description)
References
- github.com/orangehrm/orangehrm/issues/695 (mitre, x_refsource_MISC)
- github.com/orangehrm/orangehrm/pull/699 (mitre, x_refsource_MISC)
- github.com/orangehrm/orangehrm/releases (mitre, x_refsource_CONFIRM)
- www.horizon3.ai/disclosures/orangehrm-sqli.html (mitre, x_refsource_MISC)