GHSA-pww3-x2g7-x8q2

Source
https://github.com/advisories/GHSA-pww3-x2g7-x8q2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-pww3-x2g7-x8q2/GHSA-pww3-x2g7-x8q2.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-pww3-x2g7-x8q2
Aliases
  • CVE-2023-48865
Published
2024-04-12T00:30:26Z
Modified
2024-04-12T21:42:03.865280Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Reportico affected by Incorrect Access Control
Details

An issue discovered in Reportico through 8.1.0 allows attackers to obtain sensitive information via the execute_mode parameter of the URL.

Database specific
{
    "nvd_published_at": "2024-04-11T22:15:13Z",
    "cwe_ids": [
        "CWE-639"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-12T21:26:13Z"
}
References

Affected packages

Packagist / reportico-web/reportico

Package

Name
reportico-web/reportico
Purl
pkg:composer/reportico-web/reportico

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
8.1.0

Affected versions

4.*

4.6

6.*

6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.16

7.*

7.0.1-alpha
7.0.2-alpha
7.0.3-alpha
7.0.4-alpha
7.0.5-alpha
7.0.6-alpha
7.0.7-alpha
7.0.8-alpha
7.0.9-alpha
7.0.10-alpha
7.1.0-alpha
7.1.1-alpha
7.1.2-alpha
7.1.3-alpha
7.1.4-alpha
7.1.5-alpha
7.1.6-alpha
7.1.7-alpha
7.1.8-alpha
7.1.9-alpha
7.1.10-alpha
7.1.11-alpha
7.1.12-alpha
7.1.13-alpha
7.1.14-alpha
7.1.15-alpha
7.1.16-alpha
7.1.17-alpha
7.1.18-alpha
7.1.19-beta
7.1.20-beta
7.1.21-beta
7.1.22-beta
7.1.23-beta
7.1.24-beta
7.1.25-beta
7.1.26-beta
7.1.27-beta
7.1.28-beta
7.1.29-beta
7.1.30-beta
7.1.31-beta
7.1.32-beta
7.1.33-beta
7.1.34-beta
7.1.35-beta
7.1.36-beta
7.1.37-beta
7.1.38-beta
7.1.39-beta
7.1.40-beta
7.1.41-beta
7.1.42-beta

8.*

8.0.1
8.0.2
8.0.3
8.1.0