A+Hrd

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

Published: 2025-11-12T07:38:30.394Z
Updated: 2025-11-12T17:01:46.367Z

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

Published: 2025-11-12T07:35:43.207Z
Updated: 2025-11-12T17:02:29.442Z

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load.

Published: 2025-11-12T07:30:18.298Z
Updated: 2025-11-12T16:24:25.239Z

The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution.

Published: 2025-01-20T02:28:02.503Z
Updated: 2025-02-12T20:41:20.485Z

The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Published: 2025-01-20T02:17:29.155Z
Updated: 2025-01-21T14:39:00.962Z

The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.

Published: 2025-01-20T02:06:19.718Z
Updated: 2025-01-21T14:43:40.739Z

The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

Published: 2025-01-20T01:51:47.137Z
Updated: 2025-02-12T20:41:20.728Z

aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.

Published: 2024-04-15T02:41:18.782Z
Updated: 2024-08-01T20:20:01.574Z

aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.

Published: 2024-04-15T02:14:39.724Z
Updated: 2024-10-18T15:44:24.362Z

aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application

Published: 2022-09-09T15:54:37.000Z
Updated: 2024-08-03T06:03:52.068Z

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x

Published: 2022-09-09T15:48:42.000Z
Updated: 2024-08-03T06:03:52.634Z

aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.

Published: 2022-09-09T15:59:02.000Z
Updated: 2024-08-03T06:03:52.596Z