CVE-2026-44666 | zelon88 HRConvert2 up to 3.3.7 convertCore.php sanitizeString os command injection (GHSA-f74g-4wj8-j35h)

A vulnerability classified as critical was found in zelon88 HRConvert2 up to 3.3.7. Affected is the function sanitizeString of the file convertCore.php. Executing a manipulation can lead to os command injection.

This vulnerability is registered as CVE-2026-44666. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More