Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
processmaker processmaker vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-38577
ProcessMaker before v3.5.4 exists to contain insecure permissions in the user profile page. This vulnerability allows malicious users to escalate normal users to Administrators.
Processmaker Processmaker
2 Github repositories
8.8
CVSSv3
CVE-2016-9045
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.
Processmaker Processmaker 3.0.1.7
7.4
CVSSv3
CVE-2016-9048
Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,...
Processmaker Processmaker 3.0.1.7
8.8
CVSSv3
CVE-2020-13525
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this...
Processmaker Processmaker 3.4.11
8.8
CVSSv3
CVE-2020-13526
SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an...
Processmaker Processmaker 3.4.11
NA
CVE-2024-25506
Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker prior to 4.0 allows a remote malicious user to run arbitrary code via control of the pm_sys_sys cookie.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started