4 matches found

Vulnrichment
added 2026/04/02 5:59 p.m. | 2 views

CVE-2026-34717 OpenProject: SQL Injection in Cost Reporting =n Operator via parse_number_string

OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses without parameterization. This issue has been patched in version 17.2.3...

CVSS 9.9 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 2
Cvelist
added 2026/04/02 5:59 p.m. | 18 views

CVE-2026-34717 OpenProject: SQL Injection in Cost Reporting =n Operator via parse_number_string

OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses without parameterization. This issue has been patched in version 17.2.3...

CVSS 9.9 | EPSS 0.0027
Exploits: 0 | References: 2
CVE
added 2026/04/02 5:59 p.m. | 14 views

CVE-2026-34717

OpenProject vulnerability CVE-2026-34717 affects the cost reporting feature. The issue arises in the =n operator used in modules/reporting/lib/report/operator.rb:177 where user input is embedded directly into SQL WHERE clauses without parameterization, creating a SQL injection risk. The root caus...

CVSS 9.9 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2013/06/14 12:0 a.m. | 11 views

VMware vCenter Chargeback Manager Installed

VMware vCenter Chargeback Manager, a cost reporting application, is installed on the remote Windows host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(66896); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/10");...

AI score 5.5
Exploits: 0 | References: 1