savignano S/Notify Security Vulnerabilities
savignano S/Notify is savignano's most versatile email encryption solution for Jira, Confluence and Bitbucket. A security vulnerability exists in savignano S/Notify versions prior to 4.0.2 that originates from a configuration setting that can be modified via a cross-site request forgery (CSRF)...
CVE-2023-50930
An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a...
CVE-2023-50931
savignano S/Notify for Bitbucket
CVE-2023-50930
Affected product: savignano S/Notify for Jira (prior to v4.0.2). Root cause: CSRF enables an administrative user to modify configuration settings when logged in, via a malicious link or malicious website. Impact: potential for unencrypted email notifications (confidentiality impact) and configura...
CVE-2023-50932
The CVE-2023-50932 issue affects savignano S/Notify before 4.0.2 on Confluence. When an administrative user is logged in, the app’s configuration can be modified via CSRF, triggered by clicking a malicious link or visiting a malicious site. If exploited, an attacker could adjust the S/Notify conf...
CVE-2023-50932
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visitin...
PT-2024-14014
Name of the Vulnerable Software and Affected Versions: savignano S/Notify versions prior to 2.0.1 for Bitbucket. Description: An issue was discovered that allows the configuration settings of S/Notify to be modified via a CSRF attack while an administrative user is logged on. This could be initiated...
CVE-2023-7186
A vulnerability was found in 7-card Fakabao up to 1.0build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the argument out_trade_no leads to SQL injection. The exploit has been disclosed to the public and may be...
CVE-2023-7185
A vulnerability was found in 7-card Fakabao up to 1.0build20230805. It has been classified as critical. This affects an unknown part of the file shop/wxpay_notify.php. The manipulation of the argument out_trade_no leads to SQL injection. The exploit has been disclosed to the public and may be used...
CVE-2023-7184
A vulnerability was found in 7-card Fakabao up to 1.0build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of the argument out_trade_no leads to SQL injection. The exploit has been disclosed to the public and may...
CVE-2023-7183
CVE-2023-7183 affects 7-card Fakabao up to 1.0_build20230805. The vulnerability is a SQL injection in the file shop/alipay_notify.php caused by improper handling of the out_trade_no parameter (unknown function issue cited). Public exploit and disclosure have been noted. Impact is reported as high...
PT-2023-32928 · Unknown · 7-Card Fakabao
Name of the Vulnerable Software and Affected Versions: 7-card Fakabao versions up to 1.0 build20230805. Description: A critical issue has been found in the software, affecting an unknown functionality of the file shop/alipay_notify.php. The manipulation of the out_trade_no argument leads to SQL...
7-card Fakabao SQL Injection Vulnerability
7-card Fakabao is a content publishing platform. A SQL injection vulnerability, classified as critical, exists in 7-card Fakabao 1.0build20230805 and prior versions, which stems from an issue with an unknown function in shop/notify.php...
7-card Fakabao SQL Injection Vulnerability
7-card Fakabao is a content publishing platform. A SQL injection vulnerability, classified as critical, exists in 7-card Fakabao 1.0build20230805 and prior versions, which stems from an issue with an unknown function in shop/alipay_notify.php...
PT-2023-32930 · Unknown · 7-Card Fakabao
Name of the Vulnerable Software and Affected Versions: 7-card Fakabao version 1.0 build20230805. Description: A critical issue affects an unknown part of the file shop/wxpay_notify.php. The manipulation of the argument out_trade_no leads to SQL injection. The exploit has been disclosed to the publ...
7-card Fakabao SQL Injection Vulnerability
7-card Fakabao is a 7-card open source application. A SQL injection vulnerability exists in 7-card Fakabao version 1.0build20230805 and earlier versions, which stems from a problem with an unknown function in shop/wxpay_notify.php...
7-card Fakabao SQL Injection Vulnerability
7-card Fakabao is a content publishing platform. A SQL injection vulnerability exists in 7-card Fakabao version 1.0build20230805 and prior versions, which stems from an issue with an unknown function in member/notify.php...
PT-2023-32929 · Unknown · 7-Card Fakabao
Name of the Vulnerable Software and Affected Versions: 7-card Fakabao versions up to 1.0 build20230805. Description: A critical issue was found in the software, affecting some unknown functionality of the file shop/notify.php. The manipulation of the out_trade_no argument leads to SQL injection. T...