Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ProcessmakerProcessmaker

4 matches found

CVE
CVEadded 2020/12/03 6:15 p.m.51 views

CVE-2020-13525

The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

8.8CVSS8.9AI score0.01588EPSS
Web
CVE
CVEadded 2018/09/17 3:29 p.m.48 views

CVE-2016-9045

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.

8.8CVSS8.7AI score0.00243EPSS
Web
CVE
CVEadded 2022/09/19 4:15 p.m.48 views

CVE-2022-38577

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.

8.8CVSS8.7AI score0.20211EPSS
Web
CVE
CVEadded 2020/12/10 11:15 p.m.47 views

CVE-2020-13526

SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTTP...

8.8CVSS8.9AI score0.01588EPSS