CNNVD-202509-3860 Information
CNNVD ID
CNNVD-202509-3860
Related CVE
- CNNVD Published: 2025-09-24
Description (Chinese)
Horilla是Horilla公司的一款免费的开源人力资源软件。 Horilla 1.3.0版本存在安全漏洞,该漏洞源于对用户控制的查询参数不安全使用eval函数,可能导致远程代码执行。
Description (English)
Horilla is a free open-source human resources software for Horilla. There is a security loophole in version Horilla 1.3.0 which stems from the unsafe use of the eval function for user-controlled query parameters, which may lead to remote code execution.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
HortusFox
Published
2025-09-24
Last Modified
2026-02-24
References
https://drive.google.com/file/d/1hnI9AK3fnpVrTlTRF7aRJsKhZCDIm2Ve/view?usp=sharing https://github.com/horilla-opensource/horilla/security/advisories/GHSA-h6qj-pwmx-wjhw https://drive.google.com/file/d/1XQAJilt77QxkjGEa94CsZRqZIZXa3ET9/view?usp=sharing https://github.com/horilla-opensource/horilla/commit/b0aab62b3a5fe6b7114b5c58db129b3744b4d8cc https://access.redhat.com/security/cve/cve-2025-48868
Patch
https://github.com/horilla-opensource/horilla/releases
Share on: