VDB
CVE-2019-18890
CVE-2019-18890
PUBLISHED
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.
EPSS 27.97% · 96.6th percentile
Risk Scores
EPSS Score
27.97%
96.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | redmine | 3.0~20140825-8, 3.2.0-1, 3.2.0-3 |
Exploit Intelligence
- CVE-2019-18890 POC (Proof of Concept) (github-poc)
- CVE-2019-18890 POC (Proof of Concept) (github-poc)
- CVE-2019-18890 POC (Proof of Concept) (github-poc)
- CVE-2019-18890 POC (Proof of Concept) (github-poc)
- CVE-2019-18890 POC (Proof of Concept) (github-poc)
- https://github.com/RealLinkers/CVE-2019-18890 (circl)
- https://www.redmine.org/projects/redmine/wiki/Security_Advisories (circl)
- https://security-tracker.debian.org/tracker/CVE-2019-18890 (circl)
- DSA-4574 (circl)
- 20191119 [SECURITY] [DSA 4574-1] redmine security update (circl)
…and 1 more exploits
Timeline
- Nov 21, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Aug 5, 2024 CVE Updated
- Dec 17, 2024 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 12, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-18890 third-party-advisory
- https://www.redmine.org/news/125 third-party-advisory
- https://www.redmine.org/projects/redmine/repository/revisions/16196 third-party-advisory
- https://www.redmine.org/issues/32374 third-party-advisory
- https://ubuntu.com/security/notices/USN-4200-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-18890 third-party-advisory