idurarapp 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は パス処理の欠陥、vendor risk sql injection, and vendor risk cross-site scripting に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact session compromise and vendor impact data exposure などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-47769 | IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath locati | [email protected] | 7.5 | 1.00% | 2024-10-04 | 2024-11-13 |
| CVE-2024-25164 | iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality. | [email protected] | 7.5 | 0.40% | 2024-03-05 | 2025-04-30 |
| CVE-2023-52265 | IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. | [email protected] | 5.4 | 0.09% | 2023-12-30 | 2025-04-17 |
| CVE-2023-27742 | IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login. | [email protected] | 9.8 | 0.76% | 2023-05-16 | 2025-01-23 |