Vulnerabilities > Processmaker

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-09-19 | CVE-2022-38577 | Improper Preservation of Permissions vulnerability in Processmaker 3.0.1.7/3.4.11 | ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. | network | low | processmaker | CWE-281 | 8.8 |
| 2020-12-10 | CVE-2020-13526 | SQL Injection vulnerability in Processmaker 3.4.11 | A SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. | network | low | processmaker | CWE-89 | 8.8 |
| 2020-12-03 | CVE-2020-13525 | SQL Injection vulnerability in Processmaker 3.4.11 | The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. | network | low | processmaker | CWE-89 | 8.8 |
| 2018-09-17 | CVE-2016-9045 | Deserialization of Untrusted Data vulnerability in Processmaker 3.0.1.7 | A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. | network | low | processmaker | CWE-502 | 8.8 |
| 2018-09-10 | CVE-2016-9048 | SQL Injection vulnerability in Processmaker 3.0.1.7 | Multiple exploitable SQL Injection vulnerabilities exist in ProcessMaker Enterprise Core 3.0.1.7-community. | network | low | processmaker | CWE-89 | 7.4 |