Vulnerabilities > Economizzer

DATE CVE VULNERABILITY TITLE RISK
2023-09-28 CVE-2023-38870 SQL Injection vulnerability in Economizzer 0.9/April2023
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1.
network
low complexity
economizzer CWE-89
critical
 9.8
9.8
2023-09-28 CVE-2023-38871 Information Exposure Through Discrepancy vulnerability in Economizzer 0.9/April2023
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities.
network
low complexity
economizzer CWE-203
5.3
5.3
2023-09-28 CVE-2023-38872 Authorization Bypass Through User-Controlled Key vulnerability in Economizzer 0.9/April2023
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.
network
high complexity
economizzer CWE-639
3.7
3.7
2023-09-28 CVE-2023-38873 Improper Restriction of Rendered UI Layers or Frames vulnerability in Economizzer 0.9/April2023
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking.
network
low complexity
economizzer CWE-1021
6.5
6.5
2023-09-28 CVE-2023-38874 Unrestricted Upload of File with Dangerous Type vulnerability in Economizzer 0.9/April2023
A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023).
network
low complexity
economizzer CWE-434
8.8
8.8
2023-09-28 CVE-2023-38877 Code Injection vulnerability in Economizzer 0.9/April2023
A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023).
network
low complexity
economizzer CWE-94
8.8
8.8