5 matches found
CVE-2023-45826
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...
CVE-2023-45826
creationtimestamp| type| source ---|---|--- 2023-10-19 22:34:49+00:00| seen| https://t.me/cibsecurity/72608 2025-02-25 08:31:44+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-45826.yaml 2025-02-26 21:02:01+00:00| seen|...
CVE-2023-45826
Leantime (open source project management system) contains an authenticated SQL injection in the files API. The root cause is an unparameterized 'userId' variable in app/domain/files/repositories/class.files.php, exploitable by sending crafted POST requests to /api/jsonrpc. Impact is confidentiali...
CVE-2023-45826 Authenticated SQL Injection in leantime
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...
CVE-2023-45826 Authenticated SQL Injection in leantime
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...