Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:23 p.m.4 views

CVE-2020-11464

An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc...

6.5CVSS5.6AI score0.012EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.16 views

PT-2023-21128 · WordPress · Erp

Name of the Vulnerable Software and Affected Versions: ERP WordPress plugin versions prior to 1.12.4 Description: The issue concerns a SQL injection problem. It occurs because the type parameter in the "erp/v1/accounting/v1/people" REST API endpoint is not properly sanitized and escaped before...

7.2CVSS7.1AI score0.02632EPSS
Exploits5References8
Prion
Prion
added 2023/05/08 8:15 p.m.16 views

Code injection

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/work endpoint and job and company parameter...

4.9CVSS5.8AI score0.0067EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.6 views

MonicaHQ 跨站脚本漏洞

MonicaHQ is a relationship management system from MonicaHQ, Inc. A security vulnerability exists in MonicaHQ version 4.0.0, which can be exploited by a remote attacker to execute malicious code in the application via the people:id/relationships endpoint and CSTIs in the firstname and lastname...

5.4CVSS6AI score0.00643EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.4 views

PT-2023-16749 · Monicahq · Monicahq

Name of the Vulnerable Software and Affected Versions: MonicaHQ version 4.0.0 Description: The issue allows an authenticated remote attacker to execute malicious code in the application via CSTI in the "people:id/food" endpoint and food parameter. Recommendations: For MonicaHQ version 4.0.0, as a...

8.8CVSS8.6AI score0.01166EPSS
Exploits1References5
OSV
OSV
added 2020/04/01 9:15 p.m.4 views

CVE-2020-11464

An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc...

4.3CVSS5.8AI score0.012EPSS
Exploits1References3
Rows per page
Query Builder