Malicious Package

Overview @enterprise-core/auth-gateway-bridge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

ProcessMaker Enterprise Core Code Execution Vulnerability

ProcessMaker Enterprise Core is a business process management BPM and workflow management software from ProcessMaker, Inc. The software can be through a graphical Web interface for drag-and-drop operations , customize the process of Web forms and so on. A code execution vulnerability exists in...

CVE-2016-9045

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

Remote code execution

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

CVE-2016-9045

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

CVE-2016-9045

Summary: CVE-2016-9045 affects ProcessMaker Enterprise Core 3.0.1.7-community. The vulnerability is a remote code execution due to unsafe deserialization; a crafted web request can trigger PHP code execution by exploiting how input is deserialized. The Proof-of-Concept involves a request paramete...

PT-2018-5061 · Processmaker · Processmaker Enterprise Core

Name of the Vulnerable Software and Affected Versions: ProcessMaker Enterprise Core version 3.0.1.7-community Description: A code execution issue exists due to unsafe deserialization. This can be triggered by a specially crafted web request, potentially resulting in PHP code being executed. An...

CVE-2016-9048

Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially...

PT-2018-5062 · Processmaker · Processmaker Enterprise Core

Name of the Vulnerable Software and Affected Versions: ProcessMaker Enterprise Core version 3.0.1.7-community Description: The issue allows for SQL Injection attacks through specially crafted web requests. An attacker can exploit this by sending a web request with parameters containing SQL...

ProcessMaker Enterprise Core Multiple SQL Injection Vulnerabilities

Summary Multiple exploitable SQL Injection vulnerabilities exists in ProcessMarker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,...