4 matches found
CVE-2021-47720
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...
CVE-2021-47720 Orangescrum 1.8.0 Authenticated SQL Injection via Multiple Parameters
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...
CVE-2021-47720
Orangescrum 1.8.0 is affected by an authenticated SQL injection via multiple parameters (old_project_id, project_id, uuid, uniqid). The root cause is insufficient validation of input parameters, allowing attackers with authorization to manipulate database queries and potentially extract or modify...
PT-2025-52829
Name of the Vulnerable Software and Affected Versions Orangescrum version 1.8.0 Description Orangescrum version 1.8.0 has an authenticated SQL injection issue. Authorized users can manipulate database queries through vulnerable parameters. Specifically, attackers can inject malicious SQL code int...