OrangeHRM Privilege Escalation Vulnerability in UserService.php

Vulnerability

A privilege escalation vulnerability has been identified in OrangeHRM version 5.7. The issue arises in the UserService.php file within the checkFOrOldHash function, allowing attackers to escalate privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing attackers to gain elevated rights or access within the application.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.