Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability.

Overview :
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users’ and administrators’ password hashes, modify data, or drop tables. The unescaped parameter is “searchUsers” when sending a POST request to “/tickets/showKanban” with a valid session. In the code, the parameter is named “users” in class.tickets.php. This issue is fixed in versions 2.0.15 and 2.1.0 beta 3.

CVE-2020-5292

 

Vulnerability type

Authenticated Blind SQL Injection

Impact & Description

The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users’ and administrators’ password hashes, modify data, or drop tables. The unescaped parameter is “searchUsers” when sending a POST request to “/tickets/showKanban” with a valid session. In the code, the parameter is named “users” in class.tickets.php.

Patches

2.0.15 or 2.1.0 beta 3

References

To-Do searches didn’t escape the “users” parameter correctly. All values are now escaped.

For more information

If you have any questions or comments about this advisory:

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-2025 : GRANDSTREAM GSD3710 1.0.11.13 STRCOPY STACK-BASED OVERFLOW

CVE-2022-2025 : GRANDSTREAM GSD3710 1.0.11.13 STRCOPY STACK-BASED OVERFLOW

Description An attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it

CVE-2022-2315 : DATABASE SOFTWARE PRIOR 2 ACCREDITATION TRACKING/PRESENTATION SQL INJECTION

CVE-2022-2315 : DATABASE SOFTWARE PRIOR 2 ACCREDITATION TRACKING/PRESENTATION SQL INJECTION

Description Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in

CVE-2022-37877 : ARUBA CLEARPASS POLICY MANAGER UP TO 6.9.11/6.10.6 ON MACOS ONGUARD AGENT PRIVILEGE ESCALATION

CVE-2022-37877 : ARUBA CLEARPASS POLICY MANAGER UP TO 6.9.11/6.10.6 ON MACOS ONGUARD AGENT PRIVILEGE ESCALATION

Description A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their