Filtered by vendor Bigprof
Subscribe
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35674 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | N/A | 9.8 CRITICAL |
| BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. | |||||
| CVE-2018-18587 | 1 Bigprof | 1 Appgini | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash. | |||||