PT-2025-30188 · Unknown · Pmticket Project-Management-Software

Allan Njuguna · Published 2025-07-20 · Updated 2025-07-20 · CVE-2025-7886

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: pmTicket Project-Management-Software versions prior to 2ef379da2075f4761a2c9029cf91d073474e7486

Description: A critical issue exists in pmTicket Project-Management-Software. The getUserLanguage function within the classes/class.database.php file is susceptible to SQL injection due to manipulation of the user id argument. This allows for remote exploitation. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: Versions prior to 2ef379da2075f4761a2c9029cf91d073474e7486: Restrict or disable the use of the getUserLanguage function until a suitable update is available.

Fix

Weakness Enumeration: Special Elements Injection, SQL injection

Related Identifiers: CVE-2025-7886

Affected Products: Pmticket Project-Management-Software