Vulnerability Information
Vulnerability Title
OrangeHRM Affected by Arbitrary File Read via Path Traversal in Email Template Loader
Vulnerability Description
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This vulnerability is fixed in 5.8.1.
CVSS Information
N/A
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
OrangeHRM Path Traversal Vulnerability
Vulnerability Description
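OrangeHRM is a human resource management (HRM) system from OrangeHRM, a US company. The system supports personnel information management, leave management, attendance management, recruitment management, and other functions. OrangeHRM 5.8 and earlier versions contain a path traversal vulnerability that stems from a failure to restrict the path used to resolve email template files, which may allow arbitrary local files to be read.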
CVSS Information
N/A
Vulnerability Type
N/A