Lucene search
K

4 matches found

NVD
NVD
added 2025/12/23 8:15 p.m.6 views

CVE-2021-47720

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...

8.7CVSS0.003EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/23 7:34 p.m.35 views

CVE-2021-47720 Orangescrum 1.8.0 Authenticated SQL Injection via Multiple Parameters

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...

8.7CVSS0.003EPSS
Exploits1References3
CVE
CVE
added 2025/12/23 7:34 p.m.13 views

CVE-2021-47720

Orangescrum 1.8.0 is affected by an authenticated SQL injection via multiple parameters (old_project_id, project_id, uuid, uniqid). The root cause is insufficient validation of input parameters, allowing attackers with authorization to manipulate database queries and potentially extract or modify...

8.7CVSS7.6AI score0.003EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.3 views

PT-2025-52829

Name of the Vulnerable Software and Affected Versions Orangescrum version 1.8.0 Description Orangescrum version 1.8.0 has an authenticated SQL injection issue. Authorized users can manipulate database queries through vulnerable parameters. Specifically, attackers can inject malicious SQL code int...

8.7CVSS7.6AI score0.003EPSS
Exploits1References5
Rows per page
Query Builder