Sept. 30, 2023, 10:15 a.m. |

National Vulnerability Database web.nvd.nist.gov

A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939.

argument attack classified critical cve exploit found injection manipulation may public sql sql injection vulnerability

Deputy Chief Information Security Officer

@ United States Holocaust Memorial Museum | Washington, DC

Humbly Confident Security Lead

@ YNAB | Remote

Information Technology Specialist II: Information Security Engineer

@ WBCP, Inc. | Pasadena, CA.

Head of Incident Response

@ Halcyon | Remote

Consultant Sénior Cyber Sécurité H/F

@ Hifield | Lyon, France

Staff Application Security Engineer (AppSec) - Open to remote across ANZ

@ Canva | Sydney, Australia