Skip to main content

Processmaker

3 CVEs product

Monthly

CVE-2022-38577 HIGH POC This Week

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Processmaker
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-13526 HIGH POC This Week

SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Processmaker
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-13525 HIGH POC This Week

The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Processmaker
NVD
CVSS 3.1
8.8
EPSS
1.7%
EPSS 2% CVSS 8.8
HIGH POC This Week

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Processmaker
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Processmaker
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Processmaker
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy