OrangeHRM Blind SQL Injection & XSS Vulnerabilities

Posted by Rehan Ahmed on Apr 11

I. Overview
========================================================
OrangeHRM (Opensource 3.2.1, Professional & Enterprise 4.11) is prone to multiple blind SQL injection and XSS
vulnerabilities. These vulnerabilities allow an attacker to inject SQL commands to compromise the affected database
management system in HRM, perform operations on behalf of the affected victim, redirect them to malicious sites, steal
their credentials, and…
