CNNVD-202602-931 Information
CNNVD ID
CNNVD-202602-931
Related CVE
- CNNVD Published: 2026-02-06
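Description (translated from Chinese)
OpenProject is an open-source, web-based project management software from OpenProject. OpenProject versions before 16.6.7 and before 17.0.3 contain an operating system command injection vulnerability. The vulnerability stems from an arbitrary file write vulnerability in the repository changes endpoint and may lead to remote code execution.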
Description (English)
OpenProject is an open-source, web-based project management software from OpenProject. Versions before 16.6.7 and before 17.0.3 contain an operating system command injection vulnerability, which stems from an arbitrary file write vulnerability in the repository changes endpoint and may lead to remote code execution.
Hazard Level
High
Vulnerability Type
Operating system command injection
Affected Vendor
OpenProject
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/opf/openproject/releases/tag/v16.6.7
https://github.com/opf/openproject/releases/tag/v17.0.3
https://github.com/opf/openproject/security/advisories/GHSA-x37c-hcg5-r5m7
https://access.redhat.com/security/cve/cve-2026-25763
Patch
https://github.com/opf/openproject/releases