Vulnerability CVE-2024-36428


Published: 2024-05-27   Modified: 2024-05-28

Description:
OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.

 References:
https://github.com/4rdr/proofs/blob/main/info/OrangeHRM_3.3.3_SQLi_via_sortOrder.md
https://sourceforge.net/projects/orangehrm/files/stable/3.3.3/

Copyright 2026, cxsecurity.com

 

Back to Top