CVE-2012-1506

OrangeHRM < 2.7 - Authenticated SQL Injection via hspSummaryId Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1506. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in OrangeHRM 2.7 RC via the `hspSummaryId` parameter in the `haltResumeHsp.php` endpoint. The payload uses a time-based blind SQLi technique with `BENCHMARK` and conditional logic to infer database information.

Description

SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/37142

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in OrangeHRM 2.7 RC via the `hspSummaryId` parameter in the `haltResumeHsp.php` endpoint. The payload uses a time-based blind SQLi technique with `BENCHMARK` and conditional logic to infer database information.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: OrangeHRM 2.7 RC

No auth needed

Prerequisites: Network access to the target OrangeHRM instance

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/53433

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/81743

Exploit x_refsource_misc

https://www.htbridge.com/advisory/HTB23080

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49072

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/75472

Patch x_refsource_confirm

http://blog.orangehrm.com/2012/04/24/orangehrm-27-stable-release-with-complete-localization/

Scores

EPSS 0.0130

EPSS Percentile 66.8%

Details

CWE

CWE-89

Status published

Products (19)

orangehrm/orangehrm 2.6

orangehrm/orangehrm 2.6.0

orangehrm/orangehrm 2.6.0.1

orangehrm/orangehrm 2.6.1

orangehrm/orangehrm 2.6.2

orangehrm/orangehrm 2.6.3

orangehrm/orangehrm 2.6.4

orangehrm/orangehrm 2.6.5

orangehrm/orangehrm 2.6.6

orangehrm/orangehrm 2.6.7

... and 9 more

Published Sep 17, 2014

Tracked Since Feb 18, 2026