Notrinos Notrinos-Erp vulnerabilities
4 known vulnerabilities affecting notrinos/notrinos-erp.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2023-24788 | P3 | HIGH | PoC | ≥ 0, ≤ 0.7 | 2023-03-23
CVE-2023-24788 [HIGH] CWE-89 NotrinosERP vulnerable to SQL Injection
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at `/NotrinosERP/sales/customer_delivery.php`.
Sources: GHSA, OSV
CVE-2022-2921 | P3 | HIGH | ≥ 0, < 0.7 | 2022-08-22
CVE-2022-2921 [HIGH] CWE-359 Exposure of password hashes in notrinos/notrinos-erp
The AP officer's account is authorized to back up and restore the database. As a result, the account holder can download the backup and see the password hash of the System Administrator account. The weak hash (MD5) of the password can be easily cracked to obtain the admin password.
Sources: GHSA, OSV
CVE-2022-2927 | P3 | HIGH | ≥ 0, < 0.7 | 2022-08-23
CVE-2022-2927 [HIGH] CWE-521 Missing password strength check in notrinos/notrinos-erp
In versions of notrinos/notrinoserp prior to 0.7 new account passwords were missing a password strength check.
Sources: GHSA, OSV
CVE-2022-2871 | P4 | MEDIUM | ≥ 0, ≤ 0.7 | 2022-08-18
CVE-2022-2871 [MEDIUM] CWE-79 NotrinosERP Cross-site Scripting vulnerability
NotrinosERP version 0.7 and prior is vulnerable to stored cross-site scripting. A fix is available on the `master` branch of the repository.
Sources: GHSA, OSV