RSS   Vulnerabilities for 'Hrsale'   RSS

2018-05-01
 
CVE-2018-10260

CWE-20
 

 
A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.

 
 
CVE-2018-10259

CWE-79
 

 
An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.

 
 
CVE-2018-10257

CWE-94
 

 
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

 
 
CVE-2018-10256

CWE-89
 

 
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.

 


Copyright 2018, cxsecurity.com

 

Back to Top