EUVD-2023-2528
Malicious code in bioql PyPI...
EUVD-2023-2505
Malicious code in bioql PyPI...
EUVD-2023-2516
Malicious code in bioql PyPI...
EUVD-2023-2464
Malicious code in bioql PyPI...
EUVD-2023-42642
Malicious code in bioql PyPI...
CVE-2023-38872
An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...
CVE-2023-38874
A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...
CVE-2023-38870
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...
CVE-2023-38873
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...
CVE-2023-38871
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or...
CVE-2023-38877
A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server...
Economizzer 0.9-beta1 Session Invalidation
Economizzer version 0.9-beta1 fails to properly invalidate user sessions. A session management vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly invalidate user sessions upon logout or other session termination events. As a result, a valid session remains...
Economizzer 0.9-beta1 Cross Site Scripting
Economizzer version 0.9-beta1 suffers from multiple persistent cross site scripting vulnerabilities. A persistent cross-site scripting XSS vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly sanitize user-supplied input when creating a new cash book entry vi...
GHSA-H3QF-V68R-35JG Economizzer user enumeration vulnerability
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or...
GHSA-896V-PH5W-379H Economizzer Insecure Direct Object Reference vulnerability
An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...
GHSA-HQP9-MRJW-7QQ2 Economizzer host header injection vulnerability
A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server...
GHSA-PQ98-6HF6-3RJ3 Economizzer remote code execution vulnerability
A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...
GHSA-GC95-5MMP-MP6J Economizzer vulnerable to Clickjacking
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...