Packagist (Composer) package
reportico-web/reportico
pkg:composer/reportico-web/reportico
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-31556 | High | 7.8 | | <= 8.1.0 | — | May 14, 2024 | An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function. |
| CVE-2023-48865 | — | | | <= 8.1.0 | — | Apr 11, 2024 | An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL. |
| CVE-2023-47438 | Medium | 6.5 | | <= 8.1.0 | — | Mar 27, 2024 | SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter. |
| CVE-2023-46925 | — | | | <= 7.1.21 | — | Nov 2, 2023 | Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS). |