CVE-2023-38874 - Remote Code Execution in Economizzer via Insecure File Upload (Exclusive Deep Dive)
A serious security vulnerability has been discovered in Economizzer, an open-source web-based personal finance manager. The issue, tracked as CVE-2023-38874, affects versions up to v.
CVE-2023-38872 - How an IDOR Vulnerability in Economizzer Let Attackers Access Your Attachments
CVE-2023-38872 is a security vulnerability found in Economizzer, a popular open-source cash flow manager. The issue, known as an Insecure Direct Object Reference (IDOR), allows
CVE-2023-38873 - Clickjacking Vulnerability in Economizzer (Commit 373088 and v.9-beta1)
Clickjacking, also called "UI redress attack," is one of those web vulnerabilities that looks simple—but can cost you dearly if left unchecked.
CVE-2023-38870 - SQL Injection Vulnerability in Economizzer’s Cash Book (Analysis, Code, Exploit)
---
TL;DR
Economizzer, an open-source financial management app, contains a serious SQL Injection vulnerability in its cash book feature. Specifically, the category_id parameter