Vulnerabilities (CVE)

Filtered by vendor Cale Dunlap Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6524 1 Cale Dunlap 1 Openinvoice 2024-11-21 6.5 MEDIUM N/A
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
CVE-2008-6523 1 Cale Dunlap 1 Openinvoice 2024-11-21 7.5 HIGH N/A
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.