OrangeHRM Blog
Voice of Free & Open Source HR System
9 Dec

Security Vulnerabilities Fixed with OrangeHRM 2.6.11.2

Posted in General by Tina

Several vulnerabilities were identified in OrangeHRM version 2.6.11 by a company named Advisory Htbridge Ch. These issues were analyzed and fixed in an immediate release, OrangeHRM 2.6.11.2.

The following vulnerability issues were identified:

  1. Input passed via the “uniqcode” GET parameter to index.php is not properly sanitised before being returned to the user.
  2. Input passed via the “isAdmin” GET parameter to index.php is not properly sanitised before being returned to the user.
  3. Input appended to the URL after /lib/controllers/centralcontroller.php is not properly sanitised before being returned to the user.
  4. Input passed via the “id” GET parameter to /lib/controllers/centralcontroller.php is not properly sanitised before being used in a SQL query.
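
As an added illustration (not code from OrangeHRM or from the advisory), the PHP sketch below shows how each of the four inputs listed above is handled defensively: output encoding for values reflected to the user, allow-list validation for the path suffix, and a bound parameter for the value that reaches SQL. The function names, the `$pdo` connection and the table name are assumptions, not OrangeHRM's own code or schema.

```php
<?php
// Added illustration, not OrangeHRM code. Assumes a PDO connection $pdo exists;
// the parameter names are the ones named in the advisory list above.
declare(strict_types=1);

// 1./2. Values reflected back into an HTML page must be output-encoded.
//       Encoding at output time neutralises any markup the client supplied.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 'isAdmin' is a flag: validate it against an allow-list instead of trusting
// arbitrary text, so only "0" or "1" can ever be echoed back.
function isAdminFlag(array $get): string
{
    return (isset($get['isAdmin']) && $get['isAdmin'] === '1') ? '1' : '0';
}

// 3. Data appended to the URL path (PATH_INFO) is attacker-controlled input
//    like any other: restrict it to a conservative character set and encode it.
function safePathInfo(array $server): string
{
    $path = $server['PATH_INFO'] ?? '';
    return preg_match('#\A[A-Za-z0-9/_.-]*\z#', $path) ? html($path) : '';
}

// 4. 'id' feeds a SQL query: validate it as an integer and bind it as a
//    parameter; never concatenate it into the query string.
function loadRecordById(PDO $pdo, array $get): ?array
{
    // FILTER_VALIDATE_INT rejects anything that is not a plain integer.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // Reject rather than guess.
    }
    // Table name is an illustrative placeholder, not OrangeHRM's schema.
    $stmt = $pdo->prepare('SELECT * FROM hs_placeholder WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Rendering: every reflected value passes through html() at the point of output.
echo '<input type="hidden" name="uniqcode" value="' . html($_GET['uniqcode'] ?? '') . '">';
echo '<input type="hidden" name="isAdmin" value="' . isAdminFlag($_GET) . '">';
echo '<span>' . safePathInfo($_SERVER) . '</span>';
```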

We are thankful to those who identified and reported these issues to OrangeHRM. OrangeHRM looks forward to hearing from other third-party organizations that carry out independent testing of our product and help us build a system with as few issues as possible.

Download OrangeHRM 2.6.11.2 today!


Copyright © 2014 OrangeHRM Inc. All rights reserved.