Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cale Dunlap Subscribe
Filtered by product Openinvoice
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6523 1 Cale Dunlap 1 Openinvoice 2017-09-28 7.5 HIGH N/A
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.
CVE-2008-6524 1 Cale Dunlap 1 Openinvoice 2017-09-28 6.5 MEDIUM N/A
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.