Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.9 views

CVE-2023-38873

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

6.5CVSS6.8AI score0.00634EPSS
Exploits1References1
OSV
OSV
added 2023/09/28 6:30 a.m.13 views

GHSA-PQ98-6HF6-3RJ3 Economizzer remote code execution vulnerability

A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

8.8CVSS9.2AI score0.28487EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.4 views

PT-2023-26653 · Unknown · Economizzer

Name of the Vulnerable Software and Affected Versions: Economizzer version 0.9-beta1 Description: A remote code execution vulnerability exists via an insecure file upload. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry, allowing them to execute...

8.8CVSS9.1AI score0.28487EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.4 views

PT-2023-26651 · Unknown · Gugoan Economizzer

Name of the Vulnerable Software and Affected Versions: gugoan Economizzer versions 0.9-beta1 gugoan Economizzer commit 3730880 Description: An Insecure Direct Object Reference IDOR vulnerability allows any unauthenticated attacker to access cash book entry attachments of any other user, if they...

3.7CVSS4AI score0.00599EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.7 views

PT-2023-26650 · Unknown · Gugoan Economizzer

Name of the Vulnerable Software and Affected Versions: gugoan Economizzer version 0.9-beta1 Description: The issue concerns a user enumeration vulnerability in the login and forgot password functionalities. The application reacts differently when a user or email address is valid, and when it's no...

5.3CVSS5.1AI score0.00636EPSS
Exploits1References11
Rows per page
Query Builder