Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6523 | 1 Cale Dunlap | 1 Openinvoice | 2017-09-28 | 7.5 HIGH | N/A |
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users. | |||||
CVE-2008-6524 | 1 Cale Dunlap | 1 Openinvoice | 2017-09-28 | 6.5 MEDIUM | N/A |
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication. |