12 matches found
CVE-2026-24913
SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product...
EUVD-2023-57758
Malicious code in bioql PyPI...
CVE-2024-55556
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...
WordPress AA Cash Calculator plugin <= 1.0 - Reflected Cross-Site Scripting via invoice vulnerability
Reflected Cross-Site Scripting via invoice vulnerability discovered by Nathaniel Oh 0x4n3 in WordPress Plugin AA Cash Calculator versions <= 1.0...
PT-2023-26640 · Unknown · Campcodes Beauty Salon Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Beauty Salon Management System version 1.0 Description: A vulnerability was found in the system, classified as problematic. It affects an unknown function of the file /admin/invoice.php. The manipulation of the inv id argument leads...
Campcodes Beauty Salon Management System Cross-Site Scripting Vulnerability
Campcodes Beauty Salon Management System is a beauty salon management system from Campcodes, Inc. A cross-site scripting vulnerability exists in Campcodes Beauty Salon Management System version 1.0, which stems from unknown processing in /admin/invoice.php that results in cross-site scripting via...
CVE-2022-4372 Web Invoice <= 2.1.3 - Authenticated SQLi
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as...
ICREM H8 SSRMS Security Vulnerability
H8 Ssrms is a Canadian solution for the telecommunications industry. It is used to improve productivity, efficient processes, organized operations and increase profitability. A security vulnerability exists in ICREM H8 SSRMS that allows an attacker to disclose sensitive information through the...
Unspecified Vulnerability in NCH Software Express Invoice
NCH Software Express Invoice is an inventory system from NCH Software Australia. The system is mainly used for invoice management, etc. A security vulnerability exists in NCH Software Express Invoice version 7.25, which stems from the program storing passwords in plaintext form. This vulnerabilit...
Harvest: Client can redirect payment, causing payment discrepancy between Harvest and PayPal
Vulnerability details When a client views an invoice through the web interface, it'll show a "Pay with PayPal" button when a standard PayPal integration has been enabled. Clicking this button will submit a POST request to PayPal. This request contains a business parameter, which is the receiver o...
Harvest: Unauthorized read access to Invoices by PM (Access control Issues)
Hi Team, Description: Project Manager has access to limited projects and corresponding Invoices. But he can view any private Invoices of the company which he doesn't have access to. Sending Invoice Request is Vulnerable to Indirect Object Reference Attack. Any Unprivileged Project manager can...
Apple Patches Remote 'Invoice Vulnerability' in iTunes, App Store
Apple recently patched a serious issue in its App Store and iTunes Store web app that could have let a remote attacker inject malicious script into invoices that come from Apple and subsequently lead to session hijacking, phishing, and redirect. The vulnerability was unearthed in June by Benjamin...