Skip to main content

Idurar

4 CVEs product

Monthly

CVE-2024-47769 HIGH POC PATCH This Week

IDURAR is open source ERP CRM accounting invoicing software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Idurar
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-25164 HIGH POC This Week

iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Idurar
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-52265 MEDIUM POC PATCH This Month

IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Idurar
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27742 CRITICAL POC Act Now

IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Idurar
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

IDURAR is open source ERP CRM accounting invoicing software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Idurar
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Idurar
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Idurar
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Idurar
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy