BIT-PROCESSMAKER-2022-38577
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators...
Exploit for Improper Preservation of Permissions in Processmaker
This repository has been archived and moved to: https://github.com...
ProcessMaker Privilege Escalation Exploit
Exploit Title: ProcessMaker - User Profile Privilege Escalation Description: ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. Exploit Author: Sornram Kampeera...
ProcessMaker Privilege Escalation
Exploit Title: ProcessMaker - User Profile Privilege Escalation Description: ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. Date: 20220822 Exploit Author: Sornram...
CVE-2022-38577
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators...
CVE-2022-38577
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators...
Design/Logic Flaw
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators...
CVE-2022-38577
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators...
CVE-2022-38577
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators...
CVE-2022-38577
ProcessMaker before v3.5.4 has an insecure permission issue on the user profile page that lets normal users escalate to Administrators. This is documented across multiple sources (NVD/Red Hat/OSV) and is the same CVE entry, CVE-2022-38577. The Red Hat data additionally notes a related unrestricte...
PT-2022-24467 · Unknown · Processmaker
Name of the Vulnerable Software and Affected Versions: ProcessMaker versions prior to 3.5.4 Description: The issue is related to insecure permissions in the user profile page, allowing attackers to escalate normal users to Administrators. Recommendations: For versions prior to 3.5.4, update to...
ProcessMaker Permissions, Privileges, and Access Control Vulnerability
ProcessMaker is a PHP-based website builder for business process management (BPM) and workflow management, from ProcessMaker Inc. in the United States. A security vulnerability exists in ProcessMaker prior to version v3.5.4, which stems from insecure permissions in its user profile page that allo...
ProcessMaker 3.5.4 Local File Inclusion
Exploit Title: ProcessMaker 3.5.4 - Local File inclusion Exploit Author: Ai Ho @j3ssiejjj Date: 16-04-2021 Vendor Homepage: https://www.processmaker.com/ Version: ProcessMaker = 3.5.4 References: https://github.com/jaeles-project/jaeles-signatures/blob/master/common/process-maker-lfi.yaml PoC: Wi...
ProcessMaker 3.5.4 - Local File inclusion Vulnerability
Exploit Title: ProcessMaker 3.5.4 - Local File inclusion Exploit Author: Ai Ho @j3ssiejjj Date: 16-04-2021 Vendor Homepage: https://www.processmaker.com/ Version: ProcessMaker = 3.5.4 References: https://github.com/jaeles-project/jaeles-signatures/blob/master/common/process-maker-lfi.yaml PoC: Wi...
ProcessMaker SQL Injection Vulnerability (CNVD-2021-05405)
ProcessMaker is a PHP-based system for building business process management (BPM) and workflow management, from the US company ProcessMaker. ProcessMaker version 3.4.11 suffers from SQL injection vulnerabilities that stem from the program failing to properly validate user input, which...
CVE-2020-13526
SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTablesAjax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter. An attacker can make an authenticated HTT...
CVE-2020-13526
SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTablesAjax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter. An attacker can make an authenticated HTT...
SQL injection
SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTablesAjax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter. An attacker can make an authenticated HTT...
CVE-2020-13526
ProcessMaker 3.4.11 is vulnerable to SQL injection via the sort parameter in the reportTables_Ajax and clientSetupAjax pages. The root cause is improper handling/validation of the sort input, enabling authenticated attackers to inject SQL through these endpoints. Reported issues affect authentica...
CVE-2020-13526
SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTablesAjax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter. An attacker can make an authenticated HTT...