← Back

Minical

minical

Vendor: Minical • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-46478
1Minical
1Minical
Nov 21, 2024
Oct 30, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter.
CVE-2023-3307
1Minical
1Minical
Nov 21, 2024
Jun 18, 2023
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql inject...Show more
A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231803. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-33410
1Minical
1Minical
Jan 8, 2025
Jun 5, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting...Show more
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.Show less
CVE-2023-33409
1Minical
1Minical
Jan 8, 2025
Jun 5, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.
CVE-2023-33408
1Minical
1Minical
Jan 8, 2025
Jun 5, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.