Test ID:	1.3.6.1.4.1.25623.1.0.805032
Category:	Web application abuses
Title:	IceHrm Multiple Security Vulnerabilities
Summary:	IceHrm is prone to multiple vulnerabilities.
Description:	Summary: IceHrm is prone to multiple vulnerabilities. Vulnerability Insight: Flaws are due to: - The service.php script not properly sanitizing user input, specifically path traversal style attacks (e.g. '../../') supplied to the 'file' parameter. - The index.php script not properly sanitizing user input, specifically path traversal style attacks (e.g. '../../') supplied to the 'n' and 'g' parameters. - The fileupload.php script does not properly verify or sanitize user-uploaded files via the 'file_name' POST parameter. - The login.php script does not validate input to the 'key' parameter before returning it to users. - The fileupload_page.php script does not validate input to the 'id', 'file_group', 'user' and 'msg' parameter before returning it to users. - The /data/ folder that is due to the program failing to restrict users from making direct requests to profile images for users or employees. - The HTTP requests to service.php do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, upload arbitrary files to the affected application, read and write arbitrary files in the context of the user running the affected application, and obtain potentially sensitive information. Affected Software/OS: IceHrm version 7.1 and prior. Solution: Upgrade to IceHrm 7.2 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.