Select Page
- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII - Authenticated SQL injection and information disclosure - Additional issues, such as lack of CSRF and Authorisation checks on AJAX methods used to search invoices. v3.8.4 also added various sanitisation
Share this page: Sharing Facebook Twitter LinkedIn Copy Text