CNNVD-202602-1477 Information

CNNVD ID

CNNVD-202602-1477

CVE-2026-25947

  • CNNVD Published: 2026-02-10

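Description (translated from Chinese)

Worklenz is an open-source project management tool from Worklenz. Versions of Worklenz before 2.1.7 contain a SQL injection vulnerability. The vulnerability stems from multiple SQL injections in the backend SQL query construction and affects the project task management, reporting financial data, real-time processing, and resource scheduling functions.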

Description (English)

Worklenz is an open-source project management tool from Worklenz. Versions of Worklenz prior to 2.1.7 have a SQL injection vulnerability, which originates from multiple SQL injections in the backend SQL query construction, affecting project task management, reporting financial data, real-time processing, and resource scheduling functions.

Vulnerability Type

SQL injection

Affected Vendor

Worklenz

Published

2026-02-10

Last Modified

2026-02-24

References

  • https://github.com/Worklenz/worklenz/commit/76e5cb0f5dd566fb65586cd3db30ee951c92a32b
  • https://github.com/Worklenz/worklenz/security/advisories/GHSA-f2f8-2ppj-85pf
  • https://github.com/Worklenz/worklenz/releases/tag/v2.1.7
  • https://access.redhat.com/security/cve/cve-2026-25947

Patch

https://www.worklenz.com/
