Minical

Minical

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-46478

Exploit
  • EPSS 2.23%
  • Veröffentlicht 30.10.2023 23:15:08
  • Zuletzt bearbeitet 21.11.2024 08:28:34

An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter.

8.8

CVE-2023-3307

Exploit
  • EPSS 0.05%
  • Veröffentlicht 18.06.2023 09:15:09
  • Zuletzt bearbeitet 21.11.2024 08:16:58

A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiat...

5.4

CVE-2023-33408

Exploit
  • EPSS 0.24%
  • Veröffentlicht 05.06.2023 21:15:11
  • Zuletzt bearbeitet 08.01.2025 20:15:24

Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.

6.5

CVE-2023-33409

Exploit
  • EPSS 0.14%
  • Veröffentlicht 05.06.2023 21:15:11
  • Zuletzt bearbeitet 08.01.2025 19:15:29

Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.

8.8

CVE-2023-33410

Exploit
  • EPSS 0.74%
  • Veröffentlicht 05.06.2023 21:15:11
  • Zuletzt bearbeitet 08.01.2025 19:15:29

Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to constr...