notrinos/notrinos-erp Security Advisories for 0.7 (3)
-
[HIGH] NotrinosERP: Authenticated arbitrary file upload leads to remote code execution via HRM employee "Documents" (doc_file)
PKSA-6c2y-dycw-7c38 GHSA-qv4m-m73m-8hj7
Affected version: <=1.0.0
Reported by:
GitHub -
[HIGH] NotrinosERP vulnerable to SQL Injection
PKSA-jd66-y41w-btwd CVE-2023-24788 GHSA-4pqp-69m3-f8pp
Affected version: <=0.7
Reported by:
GitHub -
[MEDIUM] NotrinosERP Cross-site Scripting vulnerability
PKSA-hbwv-1274-y16n CVE-2022-2871 GHSA-hrx5-cv4v-4c44
Affected version: <=0.7
Reported by:
GitHub