Cale Dunlap Openinvoice vulnerabilities
2 known vulnerabilities affecting cale_dunlap/openinvoice.
Total CVEs: 2
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2008-6523 | P3 | HIGH | CVSS 7.5 | CWE-287 | PoC | v0.90 | 2009-03-25
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.
nvd
CVE-2008-6524 | P3 | MEDIUM | CVSS 6.5 | CWE-255 | PoC | ≤ 0.90 | 2009-03-25
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
nvd