notrinos/notrinos-erp Security Advisories for 0.6 (5)
-
[HIGH] NotrinosERP: Authenticated arbitrary file upload leads to remote code execution via HRM employee "Documents" (doc_file)
PKSA-6c2y-dycw-7c38 GHSA-qv4m-m73m-8hj7
Affected version: <=1.0.0
Reported by:
GitHub -
[HIGH] NotrinosERP vulnerable to SQL Injection
PKSA-jd66-y41w-btwd CVE-2023-24788 GHSA-4pqp-69m3-f8pp
Affected version: <=0.7
Reported by:
GitHub -
[HIGH] Missing password strength check in notrinos/notrinos-erp
PKSA-7v6v-7tw6-32md CVE-2022-2927 GHSA-qhm8-69qh-g76j
Affected version: <0.7
Reported by:
GitHub -
[HIGH] Exposure of password hashes in notrinos/notrinos-erp
PKSA-3f1m-hcf6-zfyx CVE-2022-2921 GHSA-44w5-q257-8428
Affected version: <0.7
Reported by:
GitHub -
[MEDIUM] NotrinosERP Cross-site Scripting vulnerability
PKSA-hbwv-1274-y16n CVE-2022-2871 GHSA-hrx5-cv4v-4c44
Affected version: <=0.7
Reported by:
GitHub