2 matches found
CVE-2023-45826
Leantime (open source project management system) contains an authenticated SQL injection in the files API. The root cause is an unparameterized 'userId' variable in app/domain/files/repositories/class.files.php, exploitable by sending crafted POST requests to /api/jsonrpc. Impact is confidentiali...
Leantime Systems Leantime SQL Injection Vulnerability
Leantime Systems Leantime is an open source project management system from Leantime Systems, based on PHP and MySQL. It contains a security vulnerability caused by an unparameterized "userId" variable in "app/domain/files/repositories/class.files.php". " variable ...