Vulnerability Details CVE-2011-5259
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.1%
CVSS Severity
CVSS v2 Score 6.8
References
- http://blog.orangehrm.com/2011/12/09/security-vulnerabilities-fixed-with-orangehrm-26112/
- http://osvdb.org/show/osvdb/77418
- http://secunia.com/advisories/47014
- http://www.securityfocus.com/archive/1/520684/100/0/threaded
- http://www.securityfocus.com/bid/50857
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71569
- https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_orangehrm.html
- http://blog.orangehrm.com/2011/12/09/security-vulnerabilities-fixed-with-orangehrm-26112/
- http://osvdb.org/show/osvdb/77418
- http://secunia.com/advisories/47014
- http://www.securityfocus.com/archive/1/520684/100/0/threaded
- http://www.securityfocus.com/bid/50857
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71569
- https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_orangehrm.html
Products affected by CVE-2011-5259
-
cpe:2.3:a:orangehrm:orangehrm:-
-
cpe:2.3:a:orangehrm:orangehrm:2.1
-
cpe:2.3:a:orangehrm:orangehrm:2.2.0.2
-
cpe:2.3:a:orangehrm:orangehrm:2.2.0.3
-
cpe:2.3:a:orangehrm:orangehrm:2.2.1
-
cpe:2.3:a:orangehrm:orangehrm:2.2.2
-
cpe:2.3:a:orangehrm:orangehrm:2.2.2.1
-
cpe:2.3:a:orangehrm:orangehrm:2.2.2.2
-
cpe:2.3:a:orangehrm:orangehrm:2.3
-
cpe:2.3:a:orangehrm:orangehrm:2.3.0
-
cpe:2.3:a:orangehrm:orangehrm:2.4
-
cpe:2.3:a:orangehrm:orangehrm:2.4.0
-
cpe:2.3:a:orangehrm:orangehrm:2.4.1
-
cpe:2.3:a:orangehrm:orangehrm:2.4.2
-
cpe:2.3:a:orangehrm:orangehrm:2.5
-
cpe:2.3:a:orangehrm:orangehrm:2.5.0
-
cpe:2.3:a:orangehrm:orangehrm:2.6
-
cpe:2.3:a:orangehrm:orangehrm:2.6.0
-
cpe:2.3:a:orangehrm:orangehrm:2.6.0.1
-
cpe:2.3:a:orangehrm:orangehrm:2.6.1
-
cpe:2.3:a:orangehrm:orangehrm:2.6.10
-
cpe:2.3:a:orangehrm:orangehrm:2.6.11
-
cpe:2.3:a:orangehrm:orangehrm:2.6.2
-
cpe:2.3:a:orangehrm:orangehrm:2.6.3
-
cpe:2.3:a:orangehrm:orangehrm:2.6.4
-
cpe:2.3:a:orangehrm:orangehrm:2.6.5
-
cpe:2.3:a:orangehrm:orangehrm:2.6.6
-
cpe:2.3:a:orangehrm:orangehrm:2.6.7
-
cpe:2.3:a:orangehrm:orangehrm:2.6.8
-
cpe:2.3:a:orangehrm:orangehrm:2.6.8.1
-
cpe:2.3:a:orangehrm:orangehrm:2.6.9