tine
by Tine
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41364 | Cri | 0.64 | 9.8 | 0.01 | Sep 1, 2023 | In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection. | ||
| CVE-2024-36070 | Hig | 0.42 | 7.5 | 0.01 | May 19, 2024 | tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.) |
- risk 0.64cvss 9.8epss 0.01
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.
- risk 0.42cvss 7.5epss 0.01
tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)