VYPR

IDURAR

by IDURAR

CVEs (4)

  • CVE-2023-27742CriMay 16, 2023
    risk 0.64cvss 9.8epss 0.01

    IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.

  • CVE-2024-25164HigMar 5, 2024
    risk 0.49cvss 7.5epss 0.01

    iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality.

  • CVE-2023-52265MedDec 30, 2023
    risk 0.35cvss 5.4epss 0.00

    IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data.

  • CVE-2024-47769HigOct 4, 2024
    risk 0.00cvss 7.5epss 0.01

    IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the…