NotrinosERP vulnerable to SQL Injection
RESERVED NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
Advisories for Composer/Notrinos/Notrinos-Erp package
2023
2022
Weak Password Requirements
Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.
Exposure of Private Personal Information to an Unauthorized Actor
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.