138 matches found
CVE-2022-2111 Unrestricted Upload of File with Dangerous Type in inventree/inventree
Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2...
GHSA-FR2W-MP56-G4XP Unrestricted Attachment Upload
Impact InvenTree allows unrestricted upload of files as attachments to various database fields. Potentially dangerous files, such as HTML files containing malicious JavaScript, can be uploaded and, when opened by the user, run the malicious code directly in the user's browser. Note that the upload of...
PT-2022-14864 · Inventree · Inventree
Name of the Vulnerable Software and Affected Versions: inventree versions prior to 0.7.2 Description: The issue is related to the improper neutralization of formula elements in a CSV file. This problem affects the inventree GitHub repository. Recommendations: For versions prior to 0.7.2, update t...
InvenTree Cross-Site Scripting Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A cross-site scripting vulnerability exists in InvenTree versions prior to 0.7.2, which stems from the application's lack of filtering and escapin...
InvenTree Code Issue Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A file upload vulnerability exists in InvenTree versions prior to 0.7.2, which stems from the application's lack of effective validation of upload...
PT-2022-14863 · Inventree · Inventree
Name of the Vulnerable Software and Affected Versions: inventree/inventree versions prior to 0.7.2 Description: The issue concerns an unrestricted upload of files with dangerous types in the GitHub repository inventree/inventree. This allows potentially dangerous files, such as HTML files...
InvenTree Security Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A CSV injection vulnerability exists in InvenTree versions prior to 0.7.2, which stems from an application that does not filter the escaping of...
InvenTree Deploys a Weak Password Change Mechanism
Description When setting a new user password, InvenTree does not require knowledge of the original password or using another form of authentication. Proof of Concept 1. Log in as a regular user 2. Go to the account settings link 3. Select Set Password 4. Enter any 8-character password string this...
Stored XSS in Supplier Company Name
Description The application inventree is vulnerable to Stored XSS in supplier company name field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1KDrwbWkftO-cNrd-4XSoNh27Z3vqiMR/view?usp=sharing...
Stored XSS in Supplier Company Description
Description The application inventree is vulnerable to Stored XSS in supplier company description field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/115LLo4rxW7RzWd7hevbSFAlf-V83OUhU/view?usp=sharing...
Stored XSS in Customer Company Name
Description The application inventree is vulnerable to Stored XSS in customer company name field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/11tKQzqKFobDEuqigsQYIdQhMnqSLIBsi/view?usp=sharing...
Unrestricted File Upload in Part Attachment
Description The application inventree allows users to upload any file in part attachment allowing attacker to render files such as HTML in the browser. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1vurBkHegeYCwbXopE5Yhyb702rYgG9FM/view?usp=sharing...
Formula Injection Part Description
Description Formula Injection/CSV Injection in inventree due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept Video PoC link: https://drive.google.com/file/d/1mfBTUDS1iZ4uJfBpc568WgpdZdN5f/view?usp=sharing...
Stored XSS in Part Revision
Description The application inventree is vulnerable to Stored XSS in part revision field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1ZobGHiFXbhPG0agsH8mcg8VMsrjSuUP/view?usp=sharing...
Stored XSS in Part IPN
Description The application inventree is vulnerable to Stored XSS in part IPN field. Proof of Concept Video PoC link: https://drive.google.com/file/d/1HEy7XS89FlzVSPFGilowBrBDMPAfCs/view?usp=sharing...
Stored XSS in Part Parameter
Description The application inventree is vulnerable to Stored XSS in part parameter field. Proof of Concept Video PoC link: https://drive.google.com/file/d/19MiGIB3Q1VzdmMBttCKiEtFKR34z-2/view?usp=sharing...
Stored XSS in Part Description
Description The application inventree is vulnerable to Stored XSS in part description field. Proof of Concept Video PoC link: https://drive.google.com/file/d/1ZFgWiVpalxZ8zGeDrErezjZCQjB3VP-w/view?usp=sharing...