VYPR
Unrated severityNVD Advisory· Published Apr 6, 2022· Updated Aug 3, 2024

CVE-2022-27108

CVE-2022-27108

Description

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.