2 matches found
BIT-OPENPROJECT-2021-32763
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
SQL Injection
php is vulnerable to SQL Injection attacks. The vulnerability exists due to an integer overflow when processing untrusted input within the PDO::quote in PDOSQLite, which allows a remote attacker to pass a specially crafted input to the application that after being processed by the affected...