← Back

Crew

crew

Vendor: Fl3xx • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-42335
1Fl3xx
2Crew
Dispatch
Nov 21, 2024
Sep 20, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.
CVE-2023-42334
1Fl3xx
2Crew
Dispatch
Nov 21, 2024
Sep 20, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.