Packagist (Composer) package
notrinos/notrinos-erp
pkg:composer/notrinos/notrinos-erp
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-24788 | High | 8.8 | | <= 0.7 | — | Mar 23, 2023 | NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. |
| CVE-2022-2927 | Critical | 9.8 | | < 0.7 | 0.7 | Aug 22, 2022 | Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. |
| CVE-2022-2921 | High | 8.8 | | < 0.7 | 0.7 | Aug 21, 2022 | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companie |
| CVE-2022-2871 | Medium | 5.4 | | <= 0.7 | — | Aug 17, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7. |