6 matches found
CVE-2026-8611 Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter
The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
WordPress plugin Klamra Paycal for Aspaclaria 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
CVE-2024-37889
MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6...
CVE-2024-37889
MyFinances vulnerability CVE-2024-37889 affects the MyFinances web application, where a signed-in user can access invoices and PII/financial data from other accounts via a specific method. Root cause details are not fully disclosed in the provided documents beyond the access mechanism; the impact...
CVE-2024-37889 MyFinances Allows Unauthorized Access to Other Customer Data
MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6...
Sourcecodester Simple Client Management SystemSQL注入漏洞
Simple Client Management System is a simple web-based application that provides an online platform to manage company customer invoices.Simple Client Management System is vulnerable to SQL injection, which could be exploited by an attacker to dump a carefully crafted HTTP request through the...