CNNVD-202511-3034 Information

CNNVD ID

CNNVD-202511-3034

CVE-2025-66224

  • CNNVD Published: 2025-11-29

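Description (translated from Chinese)

OrangeHRM is a human resources management (HRM) system from the US company OrangeHRM. The system supports functions such as personnel information management, leave management, attendance management and recruitment management. OrangeHRM versions 5.0 through 5.7 have a code injection vulnerability that stems from improper handling of mail configuration input and may lead to file writes and code execution.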

Description (English)

OrangeHRM is a human resources management (HRM) system developed by OrangeHRM, a US company. The system supports personnel information management, leave management, attendance management and recruitment management. OrangeHRM versions 5.0 to 5.7 contain a code injection vulnerability caused by improper handling of mail configuration input, which may lead to file write and code execution.

Hazard Level

High

Vulnerability Type

Code injection

Affected Vendor

OrangeHRM

Published

2025-11-29

Last Modified

2026-02-24

References

https://github.com/orangehrm/orangehrm/security/advisories/GHSA-2w7w-h5wv-xr55

https://access.redhat.com/security/cve/cve-2025-66224

Patch

https://github.com/orangehrm/orangehrm/releases
