Search criteria
2 vulnerabilities by redmine
CVE-2026-1836 (GCVE-0-2026-1836)
Vulnerability from cvelistv5 – Published: 2026-06-12 13:23 – Updated: 2026-06-12 14:00
VLAI?
Title
Stored credentials in Redmine
Summary
The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.
Severity ?
CWE
- CWE-257 - Storing passwords in a recoverable format
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T14:00:02.963086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T14:00:11.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Redmine",
"vendor": "Redmine",
"versions": [
{
"lessThan": "6.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.1.10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.0.14",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.0.7"
},
{
"status": "unaffected",
"version": "5.1.10"
},
{
"status": "unaffected",
"version": "5.0.14"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.7",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.10",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.14",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redmine:redmine:6.0.7:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:redmine:redmine:5.1.10:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:redmine:redmine:5.0.14:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2026-03-31T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials."
}
],
"value": "The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing passwords in a recoverable format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T13:23:31.810Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/stored-credentials-redmine"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by Redmine team in versions 6.0.7, 5.1.10 and 5.0.14."
}
],
"value": "The vulnerability has been fixed by Redmine team in versions 6.0.7, 5.1.10 and 5.0.14."
}
],
"source": {
"defect": [
"David Rubio Lora"
],
"discovery": "EXTERNAL"
},
"title": "Stored credentials in Redmine",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-1836",
"datePublished": "2026-06-12T13:23:31.810Z",
"dateReserved": "2026-02-03T15:43:30.850Z",
"dateUpdated": "2026-06-12T14:00:11.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37105 (GCVE-0-2020-37105)
Vulnerability from cvelistv5 – Published: 2026-02-03 16:52 – Updated: 2026-03-05 01:28
VLAI?
Title
PMB 5.6 - 'logid' SQL Injection
Summary
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php endpoint with manipulated logid values to interact with the database.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
41-trk (Tarik Bakir)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37105",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T20:11:58.546226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T20:12:06.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PMB",
"vendor": "redmine",
"versions": [
{
"status": "affected",
"version": "5.6"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sigb:pmb:5.6:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "41-trk (Tarik Bakir)"
}
],
"datePublic": "2020-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the \u0027logid\u0027 parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php endpoint with manipulated logid values to interact with the database."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:28:01.173Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48356",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48356"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "http://www.sigb.net"
},
{
"name": "Software Download Repository",
"tags": [
"product"
],
"url": "http://forge.sigb.net/redmine/projects/pmb/files"
},
{
"name": "VulnCheck Advisory: PMB 5.6 - \u0027logid\u0027 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/pmb-logid-sql-injection"
}
],
"title": "PMB 5.6 - \u0027logid\u0027 SQL Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37105",
"datePublished": "2026-02-03T16:52:43.083Z",
"dateReserved": "2026-02-01T13:16:06.490Z",
"dateUpdated": "2026-03-05T01:28:01.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}