Aashiqahamedno

#10560of 53,635
26.2Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2024-24139
7.8
2024-05-14
Unknown · Reportico Web · CVE-2024-31556
**Name of the Vulnerable Software and Affected Versions** Reportico Web versions prior to 8.1.0 **Description** The issue allows a local attacker to execute arbitrary code and obtain sensitive information via the `sessionid` function. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout, allowing an attacker to exploit the active session cookie and perform unauthorized actions. **Recommendations** For versions prior to 8.1.0, update to version 8.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `sessionid` function until a patch is available. Additionally, ensure that session cookies are properly invalidated upon logout to minimize the risk of exploitation.
PT-2024-13656
6.5
2024-04-11
Reportico · Reportico · CVE-2023-48865
**Name of the Vulnerable Software and Affected Versions** Reportico versions prior to 8.1.0 **Description** An issue in Reportico allows attackers to obtain sensitive information via the `execute mode` parameter of the URL. **Recommendations** For versions prior to 8.1.0, update to version 8.1.0 or later to resolve the issue.
PT-2024-13452
7.1
2024-03-27
Reportico · Reportico · CVE-2023-47438
**Name of the Vulnerable Software and Affected Versions** Reportico versions prior to 8.1.0 **Description** The issue allows attackers to obtain sensitive information or other system information via the `project` parameter. This is a SQL Injection vulnerability, which means attackers can inject malicious SQL code to manipulate the database and extract or modify sensitive data. **Recommendations** For versions prior to 8.1.0, update to version 8.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `project` parameter to minimize the risk of exploitation.
PT-2023-30263
4.8
2023-11-02
Reportico · Reportico · CVE-2023-46925
**Name of the Vulnerable Software and Affected Versions** Reportico version 7.1.21 **Description** The issue is related to Cross Site Scripting (XSS), which allows attackers to inject malicious scripts into websites. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Reportico version 7.1.21, at the moment, there is no information about a newer version that contains a fix for this vulnerability.