3 matches found
CVE-2021-43830
OpenProject is a web-based project management software. OpenProject versions = 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget unsufficiently sanitizes user input in...
Sql injection
OpenProject is a web-based project management software. OpenProject versions = 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget unsufficiently sanitizes user input in...
PT-2021-23962 · Unknown · Openproject
Name of the Vulnerable Software and Affected Versions: OpenProject versions 12.0.0 through 12.0.3 Description: OpenProject is a web-based project management software. The software is vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, t...