CNNVD-202601-2649 Information
Jan 15, 2026
cve
CNNVD ID
CNNVD-202601-2649
Related CVE
- CNNVD Published: 2026-01-15
Description (Chinese)
ITFlow是ITFlow开源的一款客户 IT 文档、票务和计费 ERP 软件。 Itflow 25.06及之前版本存在安全漏洞,该漏洞源于对整数参数role_id清理不足,可能导致SQL注入攻击。
Description (English)
ITFlow is an IT document, ticketing and billing ERP software for an ITFlow open source. There is a security loophole in its version 25.06 and earlier, which stems from the inadequate clean-up of the integer parameter ole id, which could lead to an SQL injection attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
ITFlow
Published
2026-01-15
Last Modified
2026-02-24
References
https://github.com/itflow-org/itflow https://www.helx.io/blog/advisory-itflow/ https://access.redhat.com/security/cve/cve-2025-67081
Patch
https://github.com/itflow-org/itflow/releases
Share on: