CVE-2012-5367
published 2012-12-03


Priority: P3 (36)
CVSS 2.0: 6 (medium)
CVSS 2.0 vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS: 1.32% (67.3rd percentile)
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.

Affected (1 range)

Vendor: orangehrm
Product: orangehrm
Version range: (not given)
Fixed in: (not given)