Vulmon
processmaker processmaker vulnerabilities and exploits
NA
CVE-2022-38577
ProcessMaker before v3.5.4 contains insecure permissions in the user profile page. This vulnerability allows malicious users to escalate normal users to Administrators.
Processmaker Processmaker
2 Github repositories
6.5
CVSSv2
CVE-2016-9048
Multiple exploitable SQL injection vulnerabilities exist in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,...
Processmaker Processmaker 3.0.1.7
6.5
CVSSv2
CVE-2020-13526
An SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter. An attacker can make an...
Processmaker Processmaker 3.4.11
6.5
CVSSv2
CVE-2016-9045
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.
Processmaker Processmaker 3.0.1.7
6.5
CVSSv2
CVE-2020-13525
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this...
Processmaker Processmaker 3.4.11
NA
CVE-2024-25506
Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker prior to 4.0 allows a remote malicious user to run arbitrary code via control of the pm_sys_sys cookie.