CNNVD-202601-3897 Information

CNNVD ID

CNNVD-202601-3897

CVE-2026-24035

  • CNNVD Published: 2026-01-22

Description

Horilla is a free, open-source human resources software from Horilla. Horilla versions 1.4.0 up to, but not including, 1.5.0 contain an access control error vulnerability. It stems from insufficient server-side validation of the employee_id parameter, which may allow any authenticated employee to upload documents on behalf of other employees.

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

Horilla

Published

2026-01-22

Last Modified

2026-02-24

References

  • https://drive.google.com/file/d/1i00-NnipvxH8bGY-SyqEjnDQfxIbVGRR/view?usp=sharing
  • https://github.com/horilla-opensource/horilla/releases/tag/1.5.0
  • https://github.com/horilla-opensource/horilla/security/advisories/GHSA-fm3f-xpgx-8xr3

Patch

https://www.horilla.com/
