6 matches found
CVE-2020-11464
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc...
PT-2023-21128 · WordPress · Erp
Name of the Vulnerable Software and Affected Versions: ERP WordPress plugin versions prior to 1.12.4 Description: The issue concerns a SQL injection problem. It occurs because the type parameter in the "erp/v1/accounting/v1/people" REST API endpoint is not properly sanitized and escaped before...
Code injection
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/work endpoint and job and company parameter...
MonicaHQ 跨站脚本漏洞
MonicaHQ is a relationship management system from MonicaHQ, Inc. A security vulnerability exists in MonicaHQ version 4.0.0, which can be exploited by a remote attacker to execute malicious code in the application via the people:id/relationships endpoint and CSTIs in the firstname and lastname...
PT-2023-16749 · Monicahq · Monicahq
Name of the Vulnerable Software and Affected Versions: MonicaHQ version 4.0.0 Description: The issue allows an authenticated remote attacker to execute malicious code in the application via CSTI in the "people:id/food" endpoint and food parameter. Recommendations: For MonicaHQ version 4.0.0, as a...
CVE-2020-11464
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc...