Vulnerability Details CVE-2025-67102
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.5%
CVSS Severity
CVSS v3 Score 7.6
Products affected by CVE-2025-67102
-
cpe:2.3:a:jorani:jorani:0.1
-
cpe:2.3:a:jorani:jorani:0.1.1
-
cpe:2.3:a:jorani:jorani:0.1.2
-
cpe:2.3:a:jorani:jorani:0.1.3
-
cpe:2.3:a:jorani:jorani:0.1.4
-
cpe:2.3:a:jorani:jorani:0.2.0
-
cpe:2.3:a:jorani:jorani:0.3.0
-
cpe:2.3:a:jorani:jorani:0.3.1
-
cpe:2.3:a:jorani:jorani:0.4.0
-
cpe:2.3:a:jorani:jorani:0.4.1
-
cpe:2.3:a:jorani:jorani:0.4.2
-
cpe:2.3:a:jorani:jorani:0.4.3
-
cpe:2.3:a:jorani:jorani:0.4.4
-
cpe:2.3:a:jorani:jorani:0.4.5
-
cpe:2.3:a:jorani:jorani:0.4.6
-
cpe:2.3:a:jorani:jorani:0.5.0
-
cpe:2.3:a:jorani:jorani:0.5.1
-
cpe:2.3:a:jorani:jorani:0.6.0
-
cpe:2.3:a:jorani:jorani:0.6.2
-
cpe:2.3:a:jorani:jorani:0.6.3
-
cpe:2.3:a:jorani:jorani:0.6.4
-
cpe:2.3:a:jorani:jorani:0.6.5
-
cpe:2.3:a:jorani:jorani:1.0.0