Vinicius Silva

2 exploits Active since Feb 2024
CVE-2023-49508 WRITEUP MEDIUM WRITEUP
YetiForceCRM < 6.5.0 - Authenticated Path Traversal via LibraryLicense.php License Parameter
Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.
CVSS 6.5
CVE-2024-26476 WRITEUP LOW WRITEUP
openemr < 7.0.2 - Server-Side Request Forgery via ereq_form.php formid Parameter
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.
CVSS 3.5