Vulnerabilities > Bigprof > Online Invoicing System > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-29 | CVE-2020-35674 | SQL Injection vulnerability in Bigprof Online Invoicing System BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). | 9.8 |