{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T15:19:25.059","vulnerabilities":[{"cve":{"id":"CVE-2026-24035","sourceIdentifier":"security-advisories@github.com","published":"2026-01-22T04:15:59.453","lastModified":"2026-01-29T19:02:03.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without proper authorization. This occurs due to insufficient server-side validation of the employee_id parameter during file upload operations, allowing any authenticated employee to upload document in behalf of any employee. Version 1.5.0 fixes the issue."},{"lang":"es","value":"Horilla es un Sistema de Gestión de Recursos Humanos (HRMS) gratuito y de código abierto. Existe una vulnerabilidad de control de acceso inadecuado en el software Horilla HR a partir de la versión 1.4.0 y anterior a la versión 1.5.0, que permite a cualquier empleado autenticado subir documentos en nombre de otro empleado sin la autorización adecuada. Esto ocurre debido a una validación insuficiente del lado del servidor del parámetro employee_id durante las operaciones de carga de archivos, lo que permite a cualquier empleado autenticado subir documentos en nombre de cualquier empleado. La versión 1.5.0 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:horilla:horilla:1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"55143854-C369-4CAA-B671-90EFC9170F64"}]}]}],"references":[{"url":"https://drive.google.com/file/d/1i00-NnipvxH8bGY-SyqEjnDQfxIbVGRR/view?usp=sharing","source":"security-advisories@github.com","tags":["Exploit"]},{"url":"https://github.com/horilla-opensource/horilla/releases/tag/1.5.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/horilla-opensource/horilla/security/advisories/GHSA-fm3f-xpgx-8xr3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}