pmTicket Project-Management-Software class.database.php getUserLanguage sql injection

July 20, 2025 invoker category_cve

CVE Details

Basic Information

Title pmTicket Project-Management-Software class.database.php getUserLanguage sql injection
Type cve
Published 2025-07-20T11:32:05.156Z
Modified 2025-07-20T11:32:05.156Z

Product Information

Vendor pmTicket
Product Project-Management-Software
Version 2ef379da2075f4761a2c9029cf91d073474e7486

CVSS Information

Base Score 6.9 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected Products

  • pmTicket Project-Management-Software 2ef379da2075f4761a2c9029cf91d073474e7486

Additional Information

CWE List CWE-89, CWE-74
Source VulDB

Description

A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage of the file classes/class.database.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.