2 matches found
CVE-2008-6523
CVE-2008-6523 affects openInvoice 0.90 beta and earlier: auth.php allows remote authentication bypass, and with it privilege gain, by setting the oiauth cookie. The note indicates this can be combined with a separate vulnerability in resetpass.php to modify passwords for arbitrary user...
CVE-2008-6524
CVE-2008-6524 affects openInvoice 0.90 beta and earlier. It allows remote authenticated users to change arbitrary user passwords via a modified uid parameter in resetpass.php. The description notes this can be leveraged with a separate vulnerability in auth.php to modify passwords w...