CVE-2021-43830
OpenProject (web-based project management software) versions 12.0.0 and later are affected by a SQL injection in the budgets module. The vulnerability arises when reassigning work packages to a different budget, where input in the reassign_to_id parameter is insufficiently sanitized, and only aff...