CNNVD-202512-4121 Information

CNNVD ID

CNNVD-202512-4121

CVE-2021-47720

  • CNNVD Published: 2025-12-23

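Description (translated from Chinese)

OrangeScrum is a simple yet powerful free, open-source project management application from the US company OrangeScrum. OrangeScrum version 1.8.0 has a SQL injection vulnerability caused by insufficient input validation of parameters such as old_project_id, project_id, uuid and uniqid, which may lead to SQL injection attacks.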

Description (English)

OrangeScrum is a simple but powerful, free open-source project management application from OrangeScrum, a company in the United States. OrangeScrum 1.8.0 contains a SQL injection vulnerability caused by inadequate validation of input to the old_project_id, project_id, uuid and uniqid parameters, which may result in SQL injection attacks.

Hazard Level

Medium

Vulnerability Type

SQL injection

Affected Vendor

Open Source Geospatial

Published

2025-12-23

Last Modified

2026-02-24

References

  • https://www.orangescrum.org/
  • https://www.vulncheck.com/advisories/orangescrum-authenticated-sql-injection-via-multiple-parameters
  • https://www.exploit-db.com/exploits/50553
  • https://access.redhat.com/security/cve/cve-2021-47720
