3 matches found
CVE-2020-5292
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and...
CVE-2020-5292
CVE-2020-5292 – Leantime SQL injection (time-based blind) : Leantime before versions 2.0.15 and 2.1-beta3 is vulnerable to SQL injection via an unescaped parameter in a POST to /tickets/showKanban. The vulnerable parameter is “searchUsers” (internally named “users” in class.tickets.php) and requi...
CVE-2020-5292 Time-based blind injection in Leantime
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and...