Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:19 a.m.9 views

CVE-2023-45826

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS7.2AI score0.01872EPSS
Exploits0References1
Circl
Circl
added 2023/10/19 10:34 p.m.10 views

CVE-2023-45826

creationtimestamp| type| source ---|---|--- 2023-10-19 22:34:49+00:00| seen| https://t.me/cibsecurity/72608 2025-02-25 08:31:44+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-45826.yaml 2025-02-26 21:02:01+00:00| seen|...

6.5CVSS6.3AI score0.01872EPSS
Exploits0References3
CVE
CVE
added 2023/10/19 6:28 p.m.62 views

CVE-2023-45826

Leantime (open source project management system) contains an authenticated SQL injection in the files API. The root cause is an unparameterized 'userId' variable in app/domain/files/repositories/class.files.php, exploitable by sending crafted POST requests to /api/jsonrpc. Impact is confidentiali...

6.5CVSS6.6AI score0.01872EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/19 6:28 p.m.28 views

CVE-2023-45826 Authenticated SQL Injection in leantime

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.8AI score0.01872EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/19 6:28 p.m.15 views

CVE-2023-45826 Authenticated SQL Injection in leantime

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS7.2AI score0.01872EPSS
Exploits0References2
Rows per page
Query Builder