ReportizFlow
Filtered by vendor Bigprof
Subscriptions
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35674 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | 9.8 Critical |
| BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. | ||||
| CVE-2018-18587 | 1 Bigprof | 1 Appgini | 2024-11-21 | N/A |
| BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash. | ||||