Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability.

Overview :
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users’ and administrators’ password hashes, modify data, or drop tables. The unescaped parameter is “searchUsers” when sending a POST request to “/tickets/showKanban” with a valid session. In the code, the parameter is named “users” in class.tickets.php. This issue is fixed in versions 2.0.15 and 2.1.0 beta 3.

CVE-2020-5292

 

Vulnerability type

Authenticated Blind SQL Injection

Impact & Description

The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users’ and administrators’ password hashes, modify data, or drop tables. The unescaped parameter is “searchUsers” when sending a POST request to “/tickets/showKanban” with a valid session. In the code, the parameter is named “users” in class.tickets.php.

Patches

2.0.15 or 2.1.0 beta 3

References

To-Do searches didn’t escape the “users” parameter correctly. All values are now escaped.

For more information

If you have any questions or comments about this advisory:

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-30049 : SSRF Vulnerability

Description A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet

CVE-2022-24878 : Improper Path Handling In Kustomization Files Allows For Denial Of Service

Description The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user

Latest Spring Vulnerabilities Exploitation – CVE-2022-22965

Latest Spring Vulnerabilities Exploitation – CVE-2022-22965

Are you having a Spring MVC or Spring WebFlux application running on JDK version 9 or higher? Then ensure that