Filtered by vendor Cale Dunlap Subscriptions
Filtered by product Openinvoice Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-6524 1 Cale Dunlap 1 Openinvoice 2024-11-21 N/A
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
CVE-2008-6523 1 Cale Dunlap 1 Openinvoice 2024-11-21 N/A
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.