51 matches found
CVE-2023-3307
CVE-2023-3307 affects miniCal 1.0.0 with a SQL injection vulnerability in the /booking/show_bookings/ endpoint via the search_query parameter. Multiple sources confirm that the issue is remotely exploitable and has been publicly disclosed. Root cause: lack of input validation on the search_query parameter leading to ...
CVE-2023-3307 miniCal sql injection
A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/showbookings/. The manipulation of the argument searchquery leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to th...
miniCal SQL Injection Vulnerability
miniCal is an open source PMS. miniCal version 1.0.0 has a SQL injection vulnerability. The vulnerability stems from a lack of validation of external input in SQL statements via the searchquery parameter of the file /booking/showbookings/. An attacker can use this vulnerability to execute illegal...
miniCal Cross-Site Request Forgery Vulnerability
miniCal is an open source PMS. miniCal version 1.0.0 has a cross-site request forgery vulnerability. Attackers can use this vulnerability to forge malicious requests that lure the victim into clicking and performing sensitive operations...
miniCal CSV Injection Vulnerability
miniCal is an open source PMS. miniCal 1.0.0 and earlier versions have a CSV injection vulnerability. The vulnerability stems from improperly neutralized formula elements in CSV files. An attacker can exploit the vulnerability to remotely execute code...
miniCal Cross-Site Scripting Vulnerability
miniCal is an open source PMS. miniCal version 1.0.0 has a cross-site scripting vulnerability that an attacker can exploit to execute arbitrary web script or HTML by injecting a carefully crafted payload...
CVE-2023-33408
Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the securityhelper.php file...
CVE-2023-33410
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file...
CVE-2023-33409
Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php...
Input validation
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file...
Cross site request forgery (CSRF)
Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php...
Cross site scripting
Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the securityhelper.php file...
PT-2023-24336 · Minical · Minical
Name of the Vulnerable Software and Affected Versions: Minical versions 1.0.0 and earlier. Description: The issue is related to a CSV injection vulnerability that allows an attacker to execute remote code. This is due to insufficient input validation on the Customer Name field in the Accounting...
miniCal Security Vulnerability
miniCal is an open source PMS. miniCal 1.0.0 and earlier versions have a CSV injection vulnerability. The vulnerability stems from improperly neutralized formula elements in CSV files. An attacker can exploit the vulnerability to remotely execute code...
CVE-2023-33410
CVE-2023-33410 affects Minical 1.0.0 and earlier. The vulnerability stems from insufficient input validation in the Customer Name field of the Accounting module used to construct CSV files, enabling a CSV injection that, per sources, can allow an attacker to execute remote code. Affected versions...