CVE-2022-2921

Published
View on NVD ↗
CVSS v3
8.8
HIGH
CVSS v2
N/A
Affected
1
PROJECT

Description

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions.

notrinos/NotrinosERP
notrinos/NotrinosERP
A web-based ERP, Accounting system that written in PHP and MySql includes CRM, Sales, Purchasing, Warehousing, Manufacturing, Payroll & Human Resource... It supports multi user, multi currencies, multi languages, multi level approval workflow.
GitHubGitHub
147