PT-2025-44207 · Taiga · Taiga

Published: 2025-10-28 · Updated: 2025-10-29 · CVE-2025-62367

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Taiga versions prior to 6.9.0

Description: Taiga, an open source project management platform, has an issue in its API. Versions 6.8.3 and earlier are susceptible to time-based blind SQL injection, which can lead to the disclosure of sensitive data through response timing. An API endpoint is vulnerable to this injection flaw; the vulnerable parameter is not specified.

Recommendations: Update to version 6.9.0 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-62367
GHSA-CHM9-9WWQ-XFFJ

Affected Products

Taiga