MidnightBSD

Advisories for reportico

CVE-2014-3777 MEDIUM

Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
reportico php_report_designer *
reportico php_report_designer 3.2
reportico php_report_designer 2.1
reportico php_report_designer 2.7
reportico php_report_designer 2.3
reportico php_report_designer 1.0.4
reportico php_report_designer 3.1
reportico php_report_designer 1.0.0
reportico php_report_designer 2.2
reportico php_report_designer 1.0.1
reportico php_report_designer 2.0
reportico php_report_designer 2.0.1
reportico php_report_designer 1.0.2
reportico php_report_designer 2.4
reportico php_report_designer 2.6
reportico php_report_designer 2.3.1
reportico php_report_designer 3.0
reportico php_report_designer 2.5
reportico php_report_designer 1.0.3
reportico php_report_designer 1.0.6
reportico php_report_designer 1.0.5
CVE-2023-46925

Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
reportico reportico 7.1.21
CVE-2023-48865

An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL.

Products Affected

Vendor Product Version
reportico reportico 8.1.0