VYPR

Simplehrm

by Simplehrm

CVEs (2)

  • CVE-2013-2499HigJan 27, 2020
    risk 0.49cvss 7.5epss 0.03

    SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie.

  • CVE-2013-2498Mar 1, 2014
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.