CVE-2022-27108
Published
CVSS v3
4.3
MEDIUM
CVSS v2
4
MEDIUM
Affected
1
PROJECT
Description
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account.
OrangeHRM is a comprehensive Human Resource Management (HRM) System that captures all the essential functionalities required for any enterprise.
GitHub