CNNVD-202510-2479 Information

CNNVD ID

CNNVD-202510-2479

Related CVE

CVE-2025-60514

• CNNVD Published: 2025-10-17

Description (Chinese)

tillywork是tillywork开源的一个开源工作管理解决方案 Tillywork v0.1.3及之前版本存在安全漏洞，该漏洞源于app/common/helpers/query.builder.helper.ts中存在SQL注入漏洞。

Description (English)

Tillywork is an open-source job management solution for the tilywork open source There is a security loophole in Tillywork v. 0.1.3 and earlier versions, which stems from the SQL injection gap in app/common/helpers/query.builder.helper.ts.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

tillywork

Published

2025-10-17

Last Modified

2026-02-24

References

https://github.com/tillywork/tillywork/pull/288/commits/c57171fd17a857d7ec79e9051b23ace98d5c6a17 https://www.secstrike.ai/cve-2025-60514-tillywork-sql-injection-public-disclosure/ https://access.redhat.com/security/cve/cve-2025-60514