Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause...

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. The vulnerability has been patched in version v2.1.7.

AI Analysis

SQL injection vulnerability in Worklenz project management tool via improper ORDER BY clause input validation

Basic Information

ID CVE-2026-25947

Source GitHub_M

Published Feb 10, 2026 at 17:32

Affected Product

Vendor Worklenz

Product worklenz

Version < 2.1.7

Affected Versions Worklenz worklenz < 2.1.7

CWE Classification

CWE-89

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Worklenz

Product Worklenz

Version < 2.1.7

References

{
    "lastseen": "",
    "description": "Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. The vulnerability has been patched in version v2.1.7.",
    "published": "2026-02-10T17:32:56.224Z",
    "modified": "2026-02-10T17:32:56.224Z",
    "type": "cve",
    "title": "Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation",
    "source": "GitHub_M",
    "references": "https://github.com/Worklenz/worklenz/security/advisories/GHSA-f2f8-2ppj-85pf\nhttps://github.com/Worklenz/worklenz/commit/76e5cb0f5dd566fb65586cd3db30ee951c92a32b\nhttps://github.com/Worklenz/worklenz/releases/tag/v2.1.7",
    "id": "CVE-2026-25947",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Worklenz worklenz < 2.1.7",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "worklenz",
    "version": "< 2.1.7",
    "vendor": "Worklenz",
    "ai_description": "SQL injection vulnerability in Worklenz project management tool via improper ORDER BY clause input validation",
    "ai_severity": "High",
    "ai_vendor": "Worklenz",
    "ai_product": "Worklenz",
    "ai_version": "< 2.1.7",
    "ai_score": 8.8
}

Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation_CVE-2026-25947