itflow-org/itflow

GitHub

github.com

itflow.org

Releases21

Frequency3 weeks 2 days

Last Release about 1 month ago

Stars942

All in One PSA for MSPs, which Unifies client, contact, vendor, asset, license, domain, ssl certificate, password, documentation, file, network and location management with ticketing and billing capabilities, with a client portal on the side.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-67081 ↗	Jan 15, 2026Thursday, 15 January 2026, 15:15	4.9 MEDIUM	—
An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from insufficient sanitizing on integer parameter.
CVE-2024-25344 ↗	Feb 26, 2024Monday, 26 February 2024, 16:27	6.1 MEDIUM	—
Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components.