Jorani 1.0.0 Security Vulnerabilities
An SQL injection vulnerability has been found in Jorani version 1.0.0. This vulnerability allows an authenticated remote user with low privileges to send queries containing malicious SQL code via the "id" parameter on the "/leaves/validate" path, managing to extract arbitrary information from the database.
CVSS Score: 8.8 | EPSS Score: 0.01 | Published: 2023-10-03
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
CVSS Score: 9.8 | EPSS Score: 0.937 | Published: 2023-08-17
Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2023-01-27
Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2022-06-28
Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2022-06-28
Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-06-28

