CVE-2026-39347— OrangeHRM 授权问题漏洞

OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability is fixed in 5.8.1.

N/A

授权机制不恰当

OrangeHRM 授权问题漏洞

OrangeHRM是美国OrangeHRM公司的一套人力资源管理系统（HRM）。该系统支持人事信息管理、休假管理、考勤管理和招聘管理等功能。 OrangeHRM 5.8及之前版本存在授权问题漏洞，该漏洞源于允许管理员用户在自我评估提交完成后更改内容，可能破坏最终评估记录的完整性。

N/A

N/A