VYPR

Bitnami package

processmaker

pkg:bitnami/processmaker

Vulnerabilities (3)

  • CVE-2022-38577 (High), Sep 19, 2022
    affected < 3.5.4, fixed 3.5.4

    ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.

  • CVE-2020-13526 (High), Dec 10, 2020
    affected >= 3.4.11, <= 3.4.11

    SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter. An attacker can make an

  • CVE-2020-13525 (High), Dec 3, 2020
    affected >= 3.4.11, <= 3.4.11

    The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this