Arbitrary Command Execution Vulnerability in OrangeHRM 4.3.1 and Earlier

CVE-2019-12839 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

In OrangeHRM 4.3.1 and earlier, an input validation error in admin/listMailConfiguration (txtSendmailPath parameter) allows authenticated attackers to achieve arbitrary command execution.