CNNVD-202509-4424 Information

CNNVD ID

CNNVD-202509-4424

Related CVE

CVE-2025-11135

• CNNVD Published: 2025-09-29

Description (Chinese)

PMTicket Project-Management-Software是PMTicket开源的一款敏捷项目管理与问题跟踪系统。 PMTicket Project-Management-Software存在代码问题漏洞，该漏洞源于对文件classes/class.database.php中组件Cookie Handler的参数user_id的错误操作，可能导致反序列化攻击。

Description (English)

PMTicket Project-Management-Software is an agile project management and problem tracking system for PMTicket open sources. The PMTicket Project-Management-Software has a code problem loophole, which results from an error in the use of the parameter uuser id for the component Cookie Handler in file numbers/class.database.php, which could lead to a back-serialization attack.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

PMTicket

Published

2025-09-29

Last Modified

2026-02-24

References

https://asciinema.org/a/kTWHQMM7n6QH98gGCW3e7T9xT https://drive.google.com/file/d/18T4Gpzic0OQ-hzZWR6YoJ127QV3Jxyxe/view https://vuldb.com/?ctiid.326212 https://vuldb.com/?id.326212 https://vuldb.com/?submit.657302