Unrated severityNVD Advisory· Published Apr 6, 2022· Updated Aug 3, 2024
CVE-2022-27108
CVE-2022-27108
Description
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/orangehrm/orangehrm/issues/1173mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.