103 matches found

Positive Technologies
added 2020/12/10 12:0 a.m., 2 views

PT-2020-13603 · Processmaker · Processmaker

Name of the Vulnerable Software and Affected Versions: ProcessMaker version 3.4.11 Description: A SQL injection issue exists in the handling of sort parameters. The sort parameter in the reportTables Ajax and clientSetupAjax pages is vulnerable to SQL injection. An attacker can make an...

CVSS 8.8, AI score 7, EPSS 0.01588
Exploits: 1, References: 12

CNVD
added 2020/12/04 12:0 a.m., 17 views

ProcessMaker SQL Injection Vulnerability

ProcessMaker is a software suite for workflow management that can be used to automate workflows, create documents, assign roles and users to processes, and more. download page /sysworkflow/en/neoclassic/reportTables/ in ProcessMaker 3.4.11 A SQL injection vulnerability exists in the sort paramete...

CVSS 8.8, AI score 2.8, EPSS 0.01588
Exploits: 1, References: 1

NVD
added 2020/12/03 6:15 p.m., 10 views

CVE-2020-13525

The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTablesAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 8.8, AI score 7.4, EPSS 0.01588
Exploits: 1, References: 1

OSV
added 2020/12/03 6:15 p.m., 0 views

CVE-2020-13525

The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTablesAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 8.8, AI score 6.8, EPSS 0.01588
Exploits: 1, References: 1

Prion
added 2020/12/03 6:15 p.m., 18 views

Sql injection

The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTablesAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 6.5, AI score 8.9, EPSS 0.01588
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/12/03 5:4 p.m., 13 views

CVE-2020-13525

The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTablesAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 6.4, AI score 9.1, EPSS 0.01588
Exploits: 1, References: 1

CVE
added 2020/12/03 5:4 p.m., 54 views

CVE-2020-13525

ProcessMaker 3.4.11 is affected by SQL injection in the sort parameter of the reportTables_Ajax and clientSetupAjax endpoints. The vulnerability arises from unsafely constructed ORDER BY queries using the sort parameter, enabling authenticated attackers to inject SQL. TALOS describes multiple SQL...

CVSS 8.8, AI score 8.9, EPSS 0.01588
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2020/11/17 12:0 a.m., 0 views

Processmaker SQL Injection Vulnerability

ProcessMaker is a software suite for workflow management that can be used to automate workflows, create documents, assign roles and users to processes, and more. download page /sysworkflow/en/neoclassic/reportTables/ in ProcessMaker 3.4.11 A SQL injection vulnerability exists in the sort paramete...

CVSS 8.8, AI score 6.8, EPSS 0.01588
Exploits: 1, References: 2

CNNVD
added 2020/11/17 12:0 a.m., 2 views

ProcessMaker SQL Injection Vulnerability

ProcessMaker is a business process management (BPM) and workflow management system written in PHP by the US company ProcessMaker. ProcessMaker version 3.4.11 suffers from SQL injection vulnerabilities that stem from the program failing to properly validate user input, which...

CVSS 8.8, AI score 6.8, EPSS 0.01588
Exploits: 1, References: 3

Talos
added 2020/11/17 12:0 a.m., 113 views

ProcessMaker sort parameter multiple SQL Injection Vulnerabilities

Summary Multiple SQL injection vulnerabilities exist in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions ProcessMaker 3.4.11...

CVSS 8.8, AI score 8.2, EPSS 0.01588
Exploits: 2

CNVD
added 2018/09/19 12:0 a.m., 1 view

ProcessMaker Enterprise Core Code Execution Vulnerability

ProcessMaker Enterprise Core is a business process management (BPM) and workflow management software from ProcessMaker, Inc. The software supports drag-and-drop operations through a graphical web interface, customization of web forms for processes, and so on. A code execution vulnerability exists in...

CVSS 8.8, AI score 9, EPSS 0.00579
Exploits: 2, References: 1

OpenVAS
added 2018/09/18 12:0 a.m., 26 views

ProcessMaker Detection (HTTP)

HTTP based detection of ProcessMaker. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.141485";...

AI score 7
Exploits: 0, References: 1

Prion
added 2018/09/17 3:29 p.m., 6 views

Remote code execution

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

CVSS 6.5, AI score 7.6, EPSS 0.00579
Exploits: 2, References: 1, Affected Software: 1

OSV
added 2018/09/17 3:29 p.m., 0 views

CVE-2016-9045

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

CVSS 8.8, AI score 6.2
Exploits: 0, References: 1

NVD
added 2018/09/17 3:29 p.m., 6 views

CVE-2016-9045

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

CVSS 8.8, AI score 8.8, EPSS 0.00579
Exploits: 2, References: 1

CVE
added 2018/09/17 3:0 p.m., 57 views

CVE-2016-9045

Summary: CVE-2016-9045 affects ProcessMaker Enterprise Core 3.0.1.7-community. The vulnerability is a remote code execution due to unsafe deserialization; a crafted web request can trigger PHP code execution by exploiting how input is deserialized. The Proof-of-Concept involves a request paramete...

CVSS 8.8, AI score 8.7, EPSS 0.00579
Exploits: 2, References: 1, Affected Software: 1

Cvelist
added 2018/09/17 3:0 p.m., 13 views

CVE-2016-9045

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

CVSS 8.8, AI score 8.8, EPSS 0.00579
Exploits: 2, References: 1

Positive Technologies
added 2018/09/17 12:0 a.m., 2 views

PT-2018-5061 · Processmaker · Processmaker Enterprise Core

Name of the Vulnerable Software and Affected Versions: ProcessMaker Enterprise Core version 3.0.1.7-community Description: A code execution issue exists due to unsafe deserialization. This can be triggered by a specially crafted web request, potentially resulting in PHP code being executed. An...

CVSS 8.8, AI score 8.8, EPSS 0.00579
Exploits: 2, References: 3

Prion
added 2018/09/10 4:29 p.m., 8 views

Sql injection

Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially...

CVSS 6.5, AI score 8.7, EPSS 0.00177
Exploits: 2, References: 1, Affected Software: 1

NVD
added 2018/09/10 4:29 p.m., 9 views

CVE-2016-9048

Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially...

CVSS 7.4, AI score 8, EPSS 0.00177
Exploits: 2, References: 1