19 matches found
EUVD-2023-2464
Malicious code in bioql PyPI...
EUVD-2023-42642
Malicious code in bioql PyPI...
CVE-2023-38872
An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...
CVE-2023-38870
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...
GHSA-PQ98-6HF6-3RJ3 Economizzer remote code execution vulnerability
A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...
CVE-2023-38874
A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...
CVE-2023-38872
An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...
CVE-2023-38870
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...
Design/Logic Flaw
An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...
Sql injection
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...
CVE-2023-38872
An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...
CVE-2023-38870
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...
CVE-2023-38870
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...
CVE-2023-38870
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...
CVE-2023-38872
An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...
CVE-2023-38870
CVE-2023-38870 affects gugoan Economizzer, specifically the cash book feature that lists accomplishments by category. The vulnerability is in the category_id parameter, enabling SQL injection due to unsanitized input in commit 3730880 (April 2023) and in version 0.9-beta1. The CVSS 3.1 vector (AV...
PT-2023-26653 · Unknown · Economizzer
Name of the Vulnerable Software and Affected Versions: Economizzer version 0.9-beta1 Description: A remote code execution vulnerability exists via an insecure file upload. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry, allowing them to execute...
PT-2023-26651 · Unknown · Gugoan Economizzer
Name of the Vulnerable Software and Affected Versions: gugoan Economizzer versions 0.9-beta1 gugoan Economizzer commit 3730880 Description: An Insecure Direct Object Reference IDOR vulnerability allows any unauthenticated attacker to access cash book entry attachments of any other user, if they...
PT-2023-26649 · Unknown · Gugoan Economizzer
Name of the Vulnerable Software and Affected Versions: gugoan Economizzer versions 0.9-beta1 and commit 3730880 April 2023 Description: A SQL injection vulnerability exists in the cash book feature of gugoan Economizzer, specifically in the category id parameter, which is used to list...