CNNVD-202601-3899 Information

CNNVD ID

CNNVD-202601-3899

CVE-2026-24010

  • CNNVD Published: 2026-01-22

Description (Chinese)

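Horilla is a free, open-source human resources software from the company Horilla. Versions of Horilla prior to 1.5.0 contain a security vulnerability that stems from a file upload vulnerability combined with social engineering and may lead to credential theft and account takeover.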

Description (English)

Horilla is free, open-source human resources software from Horilla. Versions prior to Horilla 1.5.0 have a security vulnerability: a file upload vulnerability that, combined with social engineering, could lead to credential theft and account takeover.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Horilla

Published

2026-01-22

Last Modified

2026-02-24

References

https://github.com/horilla-opensource/horilla/releases/tag/1.5.0

https://github.com/horilla-opensource/horilla/security/advisories/GHSA-5jfv-gw8w-49h3

Patch

https://github.com/horilla-opensource/horilla/releases
