Inadequate Privilege Restrictions in aEnrich a+HRD: Remote Code Execution Vulnerability

Inadequate Privilege Restrictions in aEnrich a+HRD: Remote Code Execution Vulnerability

CVE-2022-26676 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.

Learn more about our Api Penetration Testing.