Skip to main content

Itflow

2 CVEs product

Monthly

CVE-2025-67081 MEDIUM This Month

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. [CVSS 4.9 MEDIUM]

SQLi Itflow
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2024-25344 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP XSS Itflow
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
EPSS 0% CVSS 4.9
MEDIUM This Month

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. [CVSS 4.9 MEDIUM]

SQLi Itflow
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP XSS +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy