notrinos/notrinos-erp
Packagist
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting notrinos/notrinos-erp (page 1 of 1)
- CVE-2022-2871 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-08-17
vulnerable: 0.6, 0.7
Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.
- CVE-2022-2921 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 0.7 | 2022-08-21
vulnerable: 0.6
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected fun…
- CVE-2022-2927 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.7 | 2022-08-22
vulnerable: 0.6
Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.
- CVE-2023-24788 | HIGH | CVSS 8.8 | EG 8.8 | 2023-03-23
vulnerable: 0.6, 0.7
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.