36 matches found
Exploit for SQL Injection in Salesagility Suitecrm
CVE-2021-45041 PoC for CVE-2021-45041 https://cve.mitre.org...
CVE-2021-45041
SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date...
CVE-2021-45041
SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date...
SQL injection
SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date...
CVE-2021-45041
SuiteCRM is affected by an authenticated SQL injection in the Tooltips action of the Project module, exploitable via resource_id and start_date. Affected versions include SuiteCRM 7.12.1 and earlier in 7.x and 8.x up to 8.0.0, with fixes released in 7.12.2 and 8.0.1. The vulnerability stems from ...
CVE-2021-45041
SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date...
PT-2021-24193 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.12.2 and earlier, 8.x versions prior to 8.0.1. Description: The issue allows authenticated SQL injection via the Tooltips action in the Project module, involving resource id and start date. This can be exploited by...
Improper Privilege Management in dolibarr/dolibarr
💥 BUG: unprivileged user can download project file 💥 STEP TO REPRODUCE: 1. From admin account add user B as normal user. Now give user B below permission for project module: Read projects and tasks shared project and projects I'm contact for. Can also enter time...
Anuko Time Tracker 1.19.23.5325 CSV Injection
Exploit Title: Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection Date: 2020-10-17 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5325 Tested on: Kali Linux 2020.3 CVE: CVE-2020-15255...
SA-CONTRIB-2009-001 - Project release - Multiple vulnerabilities
Exploitable from: Remote. Vulnerabilities: Arbitrary file upload, Cross-site scripting (XSS). The Project release module is a component within the broader Project module. This announcement covers the following two issues: 1. Project release enables file attachments to create a specific version of cod...
CVE-2007-4436
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive information via the Tracker Module and the Recent posts page; (2) obtain project...
CVE-2007-4436
CVE-2007-4436 (Drupal Project/Project issue tracking modules). The provided records confirm a permission-enforcement flaw in the Drupal Project module (versions before 5.x-1.0, 4.7.x-2.3/1.3) and the Project issue tracking module (before 5.x-1.0, 4.7.x-2.4/1.4). The root cause is improper permi...
CVE-2007-4436
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive information via the Tracker Module and the Recent posts page; (2) obtain project...
Project and Project issue tracking - Multiple vulnerabilities
Multiple vulnerabilities have been discovered and fixed in the Project and Project issue tracking modules. Access bypass in Project issue tracking: Due to an error in the projectissueaccess function, users with the 'Access project issues' permission would have full access to all issues on a site,...
CVE-2006-2260
Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...
CVE-2006-2260
CVE-2006-2260 is described as a cross-site scripting (XSS) vulnerability in Drupal’s project.module, affecting Drupal 4.5 and 4.6. The vulnerability permits remote attackers to inject arbitrary web script or HTML via unknown attack vectors. The connected documents do not provide concrete exploita...