Security Vulnerabilities Fixed with OrangeHRM 2.6.11.2 By admin

A few vulnerability issues were identified in OrangeHRM version 2.6.11, by a company named Advisory Htbridge Ch and these issues were analyzed and fixed in an immediate release, OrangeHRM 2.6.11.2. The following vulnerability issues were identified:
  1. Input passed via the "uniqcode" GET parameter to index.php is not properly sanitised before being returned to the user.
  2. Input passed via the "isAdmin" GET parameter to index.php is not properly sanitised before being returned to the user.
  3. Input appended to the URL after /lib/controllers/centralcontroller.php is not properly sanitised before being returned to the user.
  4. Input passed via the "id" GET parameter to /lib/controllers/centralcontroller.php is not properly sanitised before being used in a SQL query.
We are thankful to those who identified and reported these issues to OrangeHRM. OrangeHRM is looking forward to hear from such 3rd party organizations which carry out independent testing on our product and help us immensely to build a system with minimum issues. Download OrangeHRM 2.6.11.2 today!