8 matches found
CVE-2025-67102
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...
CVE-2025-67102
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...
CVE-2025-67102
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...
CVE-2025-67102
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...
CVE-2025-67102
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...
CVE-2025-67102
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...
PT-2026-20260
Name of the Vulnerable Software and Affected Versions Jorani versions prior to 1.0.5 Description A SQL injection issue exists in the alldayoffs feature of the software. An authenticated attacker can execute arbitrary SQL commands through the entity parameter. Recommendations Update to version 1.0...
CVE-2025-67102
Jorani versions up to 1.0.4 contain a SQL injection vulnerability in the alldayoffs feature, exploitable by an authenticated attacker via the entity parameter to execute arbitrary SQL commands. Multiple sources (Red Hat, CVE listings, PT-Security advisory) concur that the issue stems from imprope...