CVE-2011-5259

Publication date

2013-02-12 20:00:00

Family

mitre

State

PUBLISHED

Description

SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.