CVE-2023-45826

moderate-risk
Published 2023-10-19

Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Do I need to act?

!
16.2% chance of exploitation in next 30 days
EPSS score — higher than 84% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (5)

Leantime
Leantime
Leantime
Leantime
Leantime

Affected Vendors

Leantime

References (4)

Patch https://github.com/Leantime/leantime/commit/be75f1e0f311d11c00a0bdc7079a62eef359...
Vendor Advisory https://github.com/Leantime/leantime/security/advisories/GHSA-559g-3h98-g3fj
Patch https://github.com/Leantime/leantime/commit/be75f1e0f311d11c00a0bdc7079a62eef359...
Vendor Advisory https://github.com/Leantime/leantime/security/advisories/GHSA-559g-3h98-g3fj
49
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 13/34 · Low
Exposure 12/34 · Low