CVE-2024-36428

OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.

Published Date :

Last Modified :

Source :

The following products are affected by CVE-2024-36428 vulnerability.

Vendors	Products
Orangehrm	Orangehrm

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36428.

URL	Resource
https://github.com/4rdr/proofs/blob/main/info/OrangeHRM_3.3.3_SQLi_via_sortOrder.md
https://sourceforge.net/projects/orangehrm/files/stable/3.3.3/

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact