CVE-2020-29437

SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint.
References
Configurations

Configuration 1

cpe:2.3:a:orangehrm:orangehrm:*:*:*:*:*:*:*:*

Information

Published : 2021-01-05 09:15

Updated : 2021-01-07 05:39


NVD link : CVE-2020-29437

Mitre link : CVE-2020-29437

Products Affected
No products.
CWE