CNNVD-202512-4120 Information

CNNVD ID

CNNVD-202512-4120

CVE-2021-47721

  • CNNVD Published: 2025-12-23

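Description (translated from Chinese)

OrangeScrum is a simple yet powerful free and open-source project management application from OrangeScrum, a US company. OrangeScrum version 1.8.0 contains a security vulnerability that stems from improper handling of session cookies and may lead to privilege escalation.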

Description (English)

OrangeScrum is a simple but powerful free, open-source project management application from the US company OrangeScrum. OrangeScrum 1.8.0 has a security vulnerability that stems from improper handling of session cookies and may lead to privilege escalation.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Open Source Geospatial

Published

2025-12-23

Last Modified

2026-02-24

References

  • https://www.exploit-db.com/exploits/50551
  • https://www.orangescrum.org/
  • https://www.vulncheck.com/advisories/orangescrum-authenticated-privilege-escalation-via-user-session-manipulation
