📦 Jorani

CVE-2023-26469 is a critical path traversal vulnerability in Jorani 1.0.0 that allows attackers to access arbitrary files on the server and execute remote code. This affects all organizations using Jo...

CVE-2022-34132 is a SQL injection vulnerability in Benjamin BALET Jorani v1.0 that allows attackers to execute arbitrary SQL commands via the id parameter in the Leaves.php controller. This affects al...

An authenticated SQL injection vulnerability in Jorani 1.0.0 allows low-privilege users to execute arbitrary SQL queries via the /leaves/validate endpoint's id parameter. This enables attackers to ext...

CVE-2022-34134 is a Cross-Site Request Forgery vulnerability in Benjamin BALET Jorani v1.0 that allows attackers to trick authenticated users into performing unintended actions via the Users.php contr...