12 matches found

CNNVD
added 2026/03/16 12:0 a.m. | 2 views

ITFlow security vulnerabilities

ITFlow is an open-source IT documentation, ticket management, and billing ERP software developed by ITFlow. Versions of ITFlow prior to 10.0.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of action parameters in the flow/admin/moniteur.php script,...

8.8 CVSS | 6.2 AI score | 0.00295 EPSS
Exploits 1 | References 3
RedhatCVE
added 2026/01/16 12:24 a.m. | 2 views

CVE-2025-67081

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

4.9 CVSS | 8.1 AI score | 0.00043 EPSS
Exploits 0 | References 1
NVD
added 2026/01/15 3:15 p.m. | 4 views

CVE-2025-67081

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

4.9 CVSS | 0.00043 EPSS
Exploits 0 | References 2
OSV
added 2026/01/15 3:15 p.m. | 4 views

CVE-2025-67081

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

4.9 CVSS | 8 AI score
Exploits 0 | References 2
Positive Technologies
added 2026/01/15 12:0 a.m. | 2 views

PT-2026-3025

Name of the Vulnerable Software and Affected Versions: Itflow versions through 25.06. Description: An SQL injection issue exists in Itflow due to insufficient sanitization of integer parameters. Specifically, the "role id" parameter is vulnerable when editing a profile. An attacker with administrati...

4.9 CVSS | 7.6 AI score | 0.00043 EPSS
Exploits 0 | References 4
CVE
added 2026/01/15 12:0 a.m. | 5 views

CVE-2025-67081

Itflow is affected by CVE-2025-67081 through version 25.06. The issue is an SQL injection in the role_id parameter used when editing a profile, exploitable by an admin account via blind SQL injection to extract arbitrary data. The root cause is insufficient sanitization of an integer parameter. M...

4.9 CVSS | 7.7 AI score | 0.00043 EPSS
Exploits 0 | References 2 | Affected Software 1
ATTACKERKB
added 2026/01/15 12:0 a.m. | 2 views

CVE-2025-67081

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

4.9 CVSS | 5.9 AI score | 0.00043 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/01/15 12:0 a.m. | 2 views

CVE-2025-67081

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

7.7 AI score | 0.00043 EPSS
Exploits 0 | References 2
Cvelist
added 2026/01/15 12:0 a.m. | 23 views

CVE-2025-67081

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

0.00043 EPSS
Exploits 0 | References 2
CNNVD
added 2026/01/15 12:0 a.m. | 1 views

Itflow security vulnerabilities

ITFlow is an open-source IT documentation, ticket management, and billing ERP software developed by ITFlow. Versions of Itflow 25.06 and earlier contain security vulnerabilities. These vulnerabilities stem from insufficient cleaning of the integer parameter roleid, which may lead to SQL injection...

4.9 CVSS | 5.9 AI score | 0.00043 EPSS
Exploits 0 | References 3
CNNVD
added 2024/02/22 12:0 a.m. | 1 views

ITFlow Cross-Site Request Forgery Vulnerability

ITFlow is open-source ERP software from ITFlow for customer IT documentation, ticketing and billing. A cross-site request forgery vulnerability exists in versions prior to ITFlow commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378. An attacker could exploit this vulnerability to change system settings...

6.1 CVSS | 6.7 AI score | 0.00262 EPSS
Exploits 2 | References 7
Packet Storm
added 2024/02/21 12:0 a.m. | 354 views

ITFlow Cross Site Request Forgery

CVE: CVE-2024-25344; CWE: CWE-352; Vendor: ITFlow.org; Affected product: ITFlow - Before commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378; Discoverer: stehled, WP-Pomoc.cz; Attack-Type: Remote; AV: Admin user has to open a page, provided by an attacker, which will then perform malicious request changing...

7.4 AI score | 0.00262 EPSS
Exploits 2