Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| notrinos/notrinos-erp(Packagist) | 0 | 0.7 | N/A |
CVSS Metrics
