
Github Security Blog • added 2023/09/28 6:30 a.m. • 17 views

Economizzer host header injection vulnerability

A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server...

CVSS 8.8 • AI score 7.3 • EPSS 0.00262
Exploits 1 • References 6 • Affected Software 1
OSV • added 2023/09/28 6:30 a.m. • 16 views

GHSA-H3QF-V68R-35JG Economizzer user enumeration vulnerability

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or...

CVSS 5.3 • AI score 5.2 • EPSS 0.00205
Exploits 1 • References 5
OSV • added 2023/09/28 6:30 a.m. • 11 views

GHSA-HQP9-MRJW-7QQ2 Economizzer host header injection vulnerability

A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server...

CVSS 8.8 • AI score 8.7 • EPSS 0.00262
Exploits 1 • References 5
OSV • added 2023/09/28 4:15 a.m. • 16 views

CVE-2023-38874

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

CVSS 8.8 • AI score 8.6 • EPSS 0.20512
Exploits 1 • References 3
NVD • added 2023/09/28 4:15 a.m. • 7 views

CVE-2023-38874

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

CVSS 8.8 • AI score 9.2 • EPSS 0.20512
Exploits 1 • References 3
CVE • added 2023/09/28 12:00 a.m. • 103 views

CVE-2023-38874

CVE-2023-38874 affects Economizzer v0.9-beta1. The vulnerability is an insecure file upload that lets an attacker upload a PHP web shell as an attachment when adding a new cash book entry, then access the shell to execute arbitrary commands. This results in remote code execution (RCE) with high i...

CVSS 8.8 • AI score 9.1 • EPSS 0.20512
Exploits 1 • References 3 • Affected Software 1
CVE • added 2023/09/28 12:00 a.m. • 52 views

CVE-2023-38877

Economizzer (gugoan) v0.9-beta1 and commit 3730880 are affected by a host header injection vulnerability in the password reset flow. The issue allows an attacker-controlled server to receive password reset tokens, enabling the attacker to reset other users’ passwords. Root cause described across ...

CVSS 8.8 • AI score 8.6 • EPSS 0.00262
Exploits 1 • References 3 • Affected Software 1