PT-2020-18381 · Leantime · Leantime

Marcelfolaron · Published 2020-03-31 · Updated 2020-04-02 · CVE-2020-5292

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Leantime versions prior to 2.0.15; Leantime versions prior to 2.1-beta3

Description: The issue allows a malicious user with a valid session to execute arbitrary SQL queries, which can negatively affect the confidentiality, integrity, and availability of the site. This can lead to data exfiltration (for example, users' and administrators' password hashes), modification of data, or dropping of tables. The vulnerability is triggered by sending a POST request to "/tickets/showKanban" with a valid session and exploiting the unescaped searchUsers parameter, which is referred to as "users" in the class.tickets.php file.

Recommendations: For versions prior to 2.0.15, update to version 2.0.15 or later. For versions prior to 2.1-beta3, update to version 2.1.0 beta 3 or later.
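The root cause described above is a request value being placed into SQL text without escaping or binding. The following is an added example written for this advisory, not Leantime's own code: it shows a user filter for a ticket query built the vulnerable way (string concatenation) beside a hardened version that validates the value as a list of integer ids and binds every id through a PDO prepared statement. The table name, column names, the two function names and the in-memory SQLite database are assumptions made for illustration; only the parameter name "users" comes from the advisory.

```php
<?php
// Added example for illustration; not Leantime code. Assumes the pdo_sqlite extension.
// Table and column names (tickets, id, headline, editorId) are made up for this demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, headline TEXT, editorId INTEGER)');
$pdo->exec("INSERT INTO tickets (headline, editorId) VALUES ('Fix login', 1), ('Write docs', 2), ('Deploy', 3)");

// Vulnerable pattern: the raw request value (e.g. $_POST['users']) becomes part of the SQL text,
// so whatever the client sends is parsed as SQL, not treated as data.
function ticketsForUsersUnsafe(PDO $pdo, string $users): array
{
    $sql = "SELECT id, headline FROM tickets WHERE editorId IN ($users)";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: enforce the expected shape (comma-separated integer ids), then bind each
// id as a parameter. The SQL text is fixed; only the number of placeholders varies.
function ticketsForUsersSafe(PDO $pdo, string $users): array
{
    $tokens = array_filter(array_map('trim', explode(',', $users)), fn($v) => $v !== '');
    foreach ($tokens as $token) {
        if (!ctype_digit($token)) {
            // Reject before any query is built: the value is logged/handled as bad input.
            throw new InvalidArgumentException('users must be a comma-separated list of integer ids');
        }
    }
    if ($tokens === []) {
        return [];
    }
    $placeholders = implode(',', array_fill(0, count($tokens), '?'));
    $stmt = $pdo->prepare("SELECT id, headline FROM tickets WHERE editorId IN ($placeholders)");
    $stmt->execute(array_map('intval', array_values($tokens)));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Well-formed input behaves the same in both versions (constructed sample value).
$benign = '1,2';
echo count(ticketsForUsersUnsafe($pdo, $benign)) . " rows (unsafe)\n";  // 2 rows
echo count(ticketsForUsersSafe($pdo, $benign)) . " rows (safe)\n";      // 2 rows

// Malformed input: the hardened version refuses it before touching the database,
// regardless of what SQL the unsafe version would have assembled from it.
try {
    ticketsForUsersSafe($pdo, '1,abc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

The design choice worth noting is that the hardened function does not try to escape the value; it constrains the value to the only shape the feature needs (integers) and lets the driver bind it, so the SQL text the server executes never depends on request content. For an `IN (...)` list the placeholders are generated per element, which keeps this approach workable when the number of ids is not known in advance.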

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2020-5292
GHSA-WW6X-RHVP-55HP

Affected Products

Leantime