GHSA-99R5-84GR-59F6 Leantime has Host Header Injection Vulnerability

Summary A host header injection vulnerability has been identified in the user details viewing functionality of the system. This vulnerability allows an attacker to manipulate the host header in HTTP requests, thereby gaining unauthorized access to view details of other users...

Leantime Systems Leantime SQL Injection Vulnerability

Leantime Systems Leantime is an open source project management system based on PHP and MySQL from Leantime Systems. A security vulnerability exists in Leantime Systems Leantime, which is caused by an unparameterized "userId" variable in "app/domain/files/repositories/class.files.php". " variable ...