CVE-2021-47720 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable…
High CVSS: 8.7

CVE-2021-47720

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract or modify database information.
Vendor
Orangescrum
Product
Orangescrum
CWE
CWE-89
Yayın Tarihi
2025-12-23 20:15:44
Güncelleme
2025-12-31 17:15:29
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-89 Orangescrum HIGH Orangescrum 2025

Referanslar

https://www.exploit-db.com/exploits/50553 https://www.orangescrum.org/ https://www.vulncheck.com/advisories/orangescrum-authenticated-sql-injection-via-multiple-parameters