3 matches found
CVE-2020-35674
creationtimestamp| type| source ---|---|--- 2026-06-23 19:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3moy5l6t2rq2j...
CVE-2020-35674
BigProf Online Invoicing System prior to version 2.9 is affected by an unauthenticated SQL Injection in /membership_passwordReset.php. The root cause is a custom sanitization implementation that fails to properly sanitize input, allowing an attacker to craft a payload to extract sensitive data an...
CVE-2020-35674
BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membershippasswordReset.php the endpoint that is responsible for issuing self-service password resets. An unauthenticated attacker is able to send a request containing a crafted payload that can...