216.73.217.19

CVE-2026-24035

· Published 22/01/2026 04:15 · Modified 22/01/2026 04:15

Labels: CVE-2026-24035 2026-01-22CVE-2026-24035CWE-284[email protected]

Essential information

Published
22/01/2026 04:15
Modified
22/01/2026 04:15
Author
Creator
CVSS
4.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS metrics

Description

Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without proper authorization. This occurs due to insufficient server-side validation of the employee_id parameter during file upload operations, allowing any authenticated employee to upload document in behalf of any employee. Version 1.5.0 fixes the issue.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
horilla / horilla cpe:2.3:a:horilla:horilla:1.4.0-1.5.0:*:*:*:*:*:*:*

References