VYPR

Packagist (Composer) package

gugoan/economizzer

pkg:composer/gugoan/economizzer

Vulnerabilities (5)

  • CVE-2023-38877 (Sep 28, 2023)
    affected <= 0.9-beta1

    A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacke

  • CVE-2023-38874 (Sep 28, 2023)
    affected <= 0.9-beta1

    A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may vis

  • CVE-2023-38873 (Sep 28, 2023)
    affected <= 0.9-beta1

    The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer are vulnerable to clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page

  • CVE-2023-38872 (Sep 28, 2023)
    affected <= 0.9-beta1

    An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.

  • CVE-2023-38871 (Sep 28, 2023)
    affected <= 0.9-beta1

    The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer have a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determin