Arbitrary Command Execution Vulnerability in OrangeHRM 4.3.1 and Earlier
CVE-2019-12839 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
Learn more about our Web Application Penetration Testing UK.