CVE-2024-36428 Information

Description

OrangeHRM 3.3.3 allows SQL injection via the sortOrder parameter of admin/viewProjects.

Reference

https://github.com/4rdr/proofs/blob/main/info/OrangeHRM_3.3.3_SQLi_via_sortOrder.md
https://sourceforge.net/projects/orangehrm/files/stable/3.3.3/
