| Title | pmTicket https://github.com/issue-tracking-system/Project-Management-Software 1 SQL Injection |
|---|---|
| Description | A vulnerability exists in pmTicket in the `getUserLanguage` function, where the `user_id` parameter is vulnerable to unauthenticated SQL injection. This flaw allows an unauthenticated remote attacker to inject arbitrary SQL commands via the `user_id` parameter, leading to unauthorized access and leaking of sensitive information. An attacker can craft a malicious request that manipulates the SQL query to extract the username and password hash of the admin user character by character. Although the value is escaped, the vulnerability exists because it is not typecast and is insufficiently validated before being incorporated into the SQL query, allowing direct injection of SQL queries. |
| Source | ⚠️ https://asciinema.org/a/3wu3WGpnrnMc2GDvSyLUqqHUF |
| User | Allan Njuguna (UID 57480) |
| Submission | 07/11/2025 15:20 (12 months ago) |
| Moderation | 07/19/2025 10:08 (8 days later) |
| Status | Accepted |
| VulDB entry | 317001 [pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486 class.database.php getUserLanguage user_id sql injection] |
| Points | 20 |
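
The failure mode the description names, escaping without typecasting, shown as an added example; it is not pmTicket's code, which this page does not include. It uses Python with SQLite in place of the project's PHP, and the schema, function names and input are constructed, on the assumption that `user_id` lands in an unquoted numeric position in the query.

```python
import re
import sqlite3

# Constructed input: contains no quote characters, so string escaping leaves it unchanged.
CONSTRUCTED_INPUT = "0 OR 1=1"


def escape(value: str) -> str:
    """Hypothetical stand-in for a string-escaping routine: neutralises quotes only."""
    return value.replace("'", "''")


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, language TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "en"), (2, "de"), (3, "fr")])
    return db


def get_language_escaped(db: sqlite3.Connection, user_id: str) -> list:
    """Weak form: the value is escaped, then concatenated into a numeric position."""
    sql = "SELECT language FROM users WHERE id = " + escape(user_id)
    return [row[0] for row in db.execute(sql)]


def get_language_hardened(db: sqlite3.Connection, user_id: str) -> list:
    """Corrected form: validate as an integer, cast, and bind as a parameter."""
    if not re.fullmatch(r"[0-9]{1,10}", user_id):
        raise ValueError("user_id must be a non-negative integer")
    rows = db.execute("SELECT language FROM users WHERE id = ?", (int(user_id),))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print("escaped value:", repr(escape(CONSTRUCTED_INPUT)))
    print("weak query rows:", get_language_escaped(db, CONSTRUCTED_INPUT))
    try:
        get_language_hardened(db, CONSTRUCTED_INPUT)
    except ValueError as exc:
        print("hardened query rejected input:", exc)
```

The weak function returns every row for the constructed input because nothing in it needed escaping; the hardened function rejects it before any SQL is built.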