
DATE: 2022-09-29
CVE: CVE-2020-35674
VULNERABILITY TITLE: SQL Injection vulnerability in Bigprof Online Invoicing System
BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets).
RISK: critical, 9.8 (network, low complexity)
Tags: bigprof, CWE-89