Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2020-5292
HistoryMar 31, 2020 - 7:15 p.m.

Sql injection

2020-03-3119:15:00
PRIOn knowledge base
www.prio-n.com
5

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users’ and administrators’ password hashes, modify data, or drop tables. The unescaped parameter is “searchUsers” when sending a POST request to “/tickets/showKanban” with a valid session. In the code, the parameter is named “users” in class.tickets.php. This issue is fixed in versions 2.0.15 and 2.1.0 beta 3.

CPENameOperatorVersion
leantimelt2.0.15

Related

nvd 1
osv 1
cve 1
cvelist 1
nvd
nvd
CVE-2020-5292
2020-03-31 19:15:14
osv
osv
CVE-2020-5292
2020-03-31 19:15:14
cve
cve
CVE-2020-5292
2020-03-31 19:15:14
cvelist
cvelist
CVE-2020-5292 Time-based blind injection in Leantime
2020-03-31 18:15:15

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON
Related for PRION:CVE-2020-5292
nvd1osv1cve1cvelist1