Description
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract or modify database information.
Vulnerable configurations
Configuration 1
cpe:2.3:a:orangescrum:orangescrum:1.8.0:*:*:*:*:*:*:*
EPSS: 0.00031 (Low), percentile: 9%
CVSS3: 7.1 High
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 7.1
github
about 2 months ago
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract or modify database information.