CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.015 Low (Percentile: 85.7%)

Edwin Gozeling and Wim Visser discovered that when the project_id
parameter of the SOAP request starts with the integer of a project to
which the user (or anonymous) is authorized, the ENTIRE value will
become the first item of $t_projects. As this value is concatenated into
the SQL statement, SQL injection becomes possible.
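
The flaw described above, modelled as an added example in Python with an in-memory SQLite database; it is not the affected project's code. The table, the query, the AUTHORIZED set, the function names and the sample values are all constructed assumptions; only the pattern (authorization decided on the leading integer, the whole string concatenated) comes from the description.

```python
import re
import sqlite3

AUTHORIZED = {1}  # assumption: the caller may read project 1 only

def make_db():
    """Constructed sample data: project 1 is public, project 2 is private."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bug (id INTEGER, project_id INTEGER, summary TEXT)")
    db.executemany("INSERT INTO bug VALUES (?, ?, ?)",
                   [(1, 1, "public issue"), (2, 2, "private issue")])
    return db

def leading_int(value):
    """Model of a lenient conversion that reads only the leading digits."""
    m = re.match(r"\s*([0-9]+)", value)
    return int(m.group(1)) if m else 0

def issues_vulnerable(db, project_id):
    # The access check looks only at the integer the value starts with ...
    if leading_int(project_id) not in AUTHORIZED:
        raise PermissionError("access denied")
    # ... but the ENTIRE string becomes the first item of t_projects
    t_projects = [project_id]
    sql = ("SELECT summary FROM bug WHERE project_id IN ("
           + ",".join(t_projects) + ") ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def issues_hardened(db, project_id):
    # Accept only a canonical decimal integer, and reject everything else
    if not re.fullmatch(r"[0-9]{1,9}", project_id):
        raise ValueError("project_id must be an integer")
    pid = int(project_id)
    if pid not in AUTHORIZED:
        raise PermissionError("access denied")
    # Bind the validated integer as a parameter instead of concatenating it
    sql = "SELECT summary FROM bug WHERE project_id IN (?) ORDER BY id"
    return [row[0] for row in db.execute(sql, (pid,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "1) OR (1=1"  # constructed value that starts with an authorized id
    print(issues_vulnerable(db, crafted))
    try:
        issues_hardened(db, crafted)
    except ValueError as exc:
        print("rejected:", exc)
```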