ModernBill 5.0.4 and previous versions uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote malicious users to read network traffic via a man-in-the-middle (MITM) attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moderngigabyte modernbill |