Vulnerabilities > CVE-2022-2921 - Unspecified vulnerability in Notrinos Notrinoserp
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
References
- https://github.com/notrinos/notrinoserp/commit/1b9903f4deea3289872793e60d730c63ecbf7b45
- https://github.com/notrinos/notrinoserp/commit/1b9903f4deea3289872793e60d730c63ecbf7b45
- https://huntr.dev/bounties/51b32a1c-946b-4390-a212-b6c4b6e4115c
- https://huntr.dev/bounties/51b32a1c-946b-4390-a212-b6c4b6e4115c