Vulnerabilities > Fl3Xx
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-20 | CVE-2023-42334 | Authorization Bypass Through User-Controlled Key vulnerability in Fl3Xx Crew and Dispatch An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. | 6.5 |
| 2023-09-20 | CVE-2023-42335 | Unrestricted Upload of File with Dangerous Type vulnerability in Fl3Xx Crew and Dispatch Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. | 8.8 |