CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt