Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2464

Malicious code in bioql PyPI...

3.7CVSS4.8AI score0.00599EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-42642

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00825EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.4 views

CVE-2023-38872

An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

3.7CVSS6.9AI score0.00599EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.8 views

CVE-2023-38870

A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...

9.8CVSS7.8AI score0.00825EPSS
Exploits1
OSV
OSV
added 2023/09/28 6:30 a.m.13 views

GHSA-PQ98-6HF6-3RJ3 Economizzer remote code execution vulnerability

A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

8.8CVSS9.2AI score0.28487EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2023/09/28 4:15 a.m.4 views

CVE-2023-38874

A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

8.8CVSS6.7AI score0.28487EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/09/28 4:15 a.m.11 views

CVE-2023-38872

An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

3.7CVSS5.8AI score0.00599EPSS
Exploits1References4
NVD
NVD
added 2023/09/28 4:15 a.m.14 views

CVE-2023-38870

A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...

9.8CVSS9.7AI score0.00825EPSS
Exploits1References3
Prion
Prion
added 2023/09/28 4:15 a.m.16 views

Design/Logic Flaw

An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

2.6CVSS4.3AI score0.00599EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/09/28 4:15 a.m.12 views

Sql injection

A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...

7.5CVSS9.6AI score0.00825EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/09/28 12:0 a.m.32 views

CVE-2023-38872

An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

4.5AI score0.00599EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/09/28 12:0 a.m.19 views

CVE-2023-38870

A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...

10AI score0.00825EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/09/28 12:0 a.m.13 views

CVE-2023-38870

A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...

7.8AI score0.00825EPSS
Exploits1References3
OSV
OSV
added 2023/09/28 12:0 a.m.15 views

CVE-2023-38870

A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...

9.8CVSS8AI score0.00825EPSS
Exploits1References5
OSV
OSV
added 2023/09/28 12:0 a.m.23 views

CVE-2023-38872

An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

3.7CVSS7.1AI score0.00599EPSS
Exploits1References5
CVE
CVE
added 2023/09/28 12:0 a.m.94 views

CVE-2023-38870

CVE-2023-38870 affects gugoan Economizzer, specifically the cash book feature that lists accomplishments by category. The vulnerability is in the category_id parameter, enabling SQL injection due to unsanitized input in commit 3730880 (April 2023) and in version 0.9-beta1. The CVSS 3.1 vector (AV...

9.8CVSS9.7AI score0.00825EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.4 views

PT-2023-26653 · Unknown · Economizzer

Name of the Vulnerable Software and Affected Versions: Economizzer version 0.9-beta1 Description: A remote code execution vulnerability exists via an insecure file upload. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry, allowing them to execute...

8.8CVSS9.1AI score0.28487EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.4 views

PT-2023-26651 · Unknown · Gugoan Economizzer

Name of the Vulnerable Software and Affected Versions: gugoan Economizzer versions 0.9-beta1 gugoan Economizzer commit 3730880 Description: An Insecure Direct Object Reference IDOR vulnerability allows any unauthenticated attacker to access cash book entry attachments of any other user, if they...

3.7CVSS4AI score0.00599EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.5 views

PT-2023-26649 · Unknown · Gugoan Economizzer

Name of the Vulnerable Software and Affected Versions: gugoan Economizzer versions 0.9-beta1 and commit 3730880 April 2023 Description: A SQL injection vulnerability exists in the cash book feature of gugoan Economizzer, specifically in the category id parameter, which is used to list...

9.8CVSS9.5AI score0.00825EPSS
Exploits1References9
Rows per page
Query Builder