Vulnerabilities > Emuse Eservices Envoice Project

DATE CVE VULNERABILITY TITLE RISK
2021-12-29 CVE-2021-36722 SQL Injection vulnerability in Emuse - Eservices / Envoice Project Emuse - Eservices / Envoice
Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints.
network
low complexity
emuse-eservices-envoice-project CWE-89
critical
10.0
2021-12-29 CVE-2021-36723 Information Exposure vulnerability in Emuse - Eservices / Envoice Project Emuse - Eservices / Envoice
Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service.
network
low complexity
emuse-eservices-envoice-project CWE-200
7.5