CNNVD-202507-2558 Information

Jul 20, 2025 cve

CNNVD ID

CNNVD-202507-2558

CVE-2025-7886

CNNVD Published: 2025-07-20

Description (Chinese)

PMTicket Project-Management-Software是PMTicket开源的一款敏捷项目管理与问题跟踪系统。 pmTicket Project-Management-Software存在注入漏洞，该漏洞源于对文件classes/class.database.php中函数getUserLanguage的参数user_id的错误操作导致SQL注入。

Description (English)

PMTicket Project-Management-Software is an agile project management and problem tracking system for PMTicket open sources. PmTicket Project-Management-Software has an injection loophole, which results from an error in the use of the parameter uuser id of the getUserLanguage function in file classes/class.database.php.

Hazard Level

Medium

Vulnerability Type

注入

Affected Vendor

PMTicket

Published

2025-07-20

Last Modified

2026-02-24

References

https://vuldb.com/?id.317001 https://asciinema.org/a/3wu3WGpnrnMc2GDvSyLUqqHUF https://vuldb.com/?ctiid.317001 https://vuldb.com/?submit.614534 https://access.redhat.com/security/cve/cve-2025-7886

Share on: